August 7, 2013

Apache CloudStack Cross-site Scripting (XSS) Vulnerabiliity

The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system.


Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability.

Please see the 4.1.1 release notes for further information about how to upgrade:



This issue was identified by Oleg Boytsev from

Click Here!