Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-09-05
Updated
2012-09-06
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
Max CVSS
4.6
EPSS Score
0.04%
Published
2012-09-05
Updated
2017-08-29
2 vulnerabilities found