2020-08-18 13:13:26
redhat
PUBLISHED
A flaw was found in Ovirt Engines web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting users cookies or other confidential information, or impersonate them within the applications context.