{"id":"CVE-2018-1000095","details":"oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.","modified":"2026-03-14T09:25:49.416664Z","published":"2018-03-13T01:29:00.843Z","references":[{"type":"REPORT","url":"https://gerrit.ovirt.org/c/87265/"},{"type":"FIX","url":"https://gerrit.ovirt.org/#/c/87265/2/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/host/HostNetworkInterfaceListViewItem.java"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ovirt/ovirt-engine","events":[{"introduced":"eb3d195a3e2a4285db99fb90543fa6f4f815de08"},{"last_affected":"caafa856696d076a3e833f322263b91f4980e318"}],"database_specific":{"versions":[{"introduced":"4.2.0"},{"last_affected":"4.2.2"}]}}],"versions":["ovirt-engine-4.2.0","ovirt-engine-4.2.0.1","ovirt-engine-4.2.0.2","ovirt-engine-4.2.1","ovirt-engine-4.2.1.1","ovirt-engine-4.2.1.2","ovirt-engine-4.2.1.3","ovirt-engine-4.2.1.4","ovirt-engine-4.2.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000095.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}