XSS in Openstack Horizon

CVE-2014-3474

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authentic…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (53.9th percentile) — read the EPSS interpretation.

Affected products

Openstack Horizon — versions juno-1
Opensuse — versions 13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) (mailing-list, x_refsource_MLIST, Patch, Mailing List)
68460 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Third Party Advisory, Issue Tracking)
openSUSE-SU-2015:0078 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)