CVE-2013-2136

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.

Published: Aug 19, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-2136
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apache / cloudstack	2.2.7	2.2.7.x
apache / cloudstack	2.1.6	2.1.6.x
apache / cloudstack	2.2.14	2.2.14.x
apache / cloudstack	2.2.0	2.2.0.x
apache / cloudstack	2.2.12	2.2.12.x
apache / cloudstack	2.2.6	2.2.6.x
apache / cloudstack	2.2.9	2.2.9.x
apache / cloudstack	2.1.8	2.1.8.x
apache / cloudstack	2.1.2	2.1.2.x
apache / cloudstack	2.0	2.0.x
apache / cloudstack	2.2.5	2.2.5.x
apache / cloudstack	2.2.11	2.2.11.x
apache / cloudstack	2.1.0	2.1.0.x
apache / cloudstack	2.1.3	2.1.3.x
apache / cloudstack	2.2.2	2.2.2.x
apache / cloudstack	2.1.5	2.1.5.x
apache / cloudstack	2.2.1	2.2.1.x
apache / cloudstack	3.0.1	3.0.1.x
apache / cloudstack	3.0.2	3.0.2.x
apache / cloudstack	2.2.13	2.2.13.x
apache / cloudstack	2.0.1	2.0.1.x
apache / cloudstack	2.1.9	2.1.9.x
apache / cloudstack	4.0.2	4.0.2.x
apache / cloudstack	4.0.1	4.0.1.x
apache / cloudstack	3.0.0	3.0.0.x
apache / cloudstack	2.1.10	2.1.10.x
apache / cloudstack	2.2.8	2.2.8.x
apache / cloudstack	-	4.1.0.x
apache / cloudstack	4.0.0-incubating	4.0.0-incubating.x
apache / cloudstack	2.1.1	2.1.1.x
apache / cloudstack	2.1.7	2.1.7.x
apache / cloudstack	2.2.3	2.2.3.x
apache / cloudstack	2.1.4	2.1.4.x

Vulnerability Database

309,364

CVE-2013-2136

Deep Security Visibility Without the Complexity