XSS in Openstack Horizon
CVE-2012-2094
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web sc…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.013 (80.3th percentile) — read the EPSS interpretation.
Affected products
- Openstack Horizon — versions 2012.1, folsom-1
- N/a — versions n/a
Weakness classification (CWE)
References
- 49024 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- openstack-horizon-xss(76136) (vdb-entry, x_refsource_XF)
- 81742 (x_refsource_OSVDB, vdb-entry)
- USN-1439-1 (x_refsource_UBUNTU, vendor-advisory)
- secalert@redhat.com (x_refsource_MISC)
- 49071 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- FEDORA-2012-6108 (x_refsource_FEDORA, vendor-advisory)
- [openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)