XSS in Openstack Horizon

CVE-2014-0157

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (50.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Horizon — versions 2013.2, 2013.2.1, 2013.2.2
Opensuse — versions 13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

66706 (vdb-entry, x_refsource_BID)
[oss-security] 20140408 [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157) (mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2015:0078 (vendor-advisory, x_refsource_SUSE)