XSS in Openstack Horizon

CVE-2014-3473

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allow…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (61.1th percentile) — read the EPSS interpretation.

Affected products

Openstack Horizon — versions juno-1
Opensuse — versions 13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) (mailing-list, x_refsource_MLIST, Patch, Mailing List)
68459 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
openSUSE-SU-2015:0078 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)