The Apache CloudStack Security Team was notified of an issue in the Apache CloudStack user interface that allows an authenticated user to execute a cross-site scripting attack against other users within the system.
Mitigation:
Updating to Apache CloudStack version 4.1.1 or higher will mitigate this vulnerability.
Please see the 4.1.1 release notes for further information about how to upgrade:
http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html
References:
https://issues.apache.org/jira/browse/CLOUDSTACK-2936
Credit:
This issue was identified by Oleg Boytsev from strongserver.org.