XSS in Openstack Horizon

CVE-2014-3475

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.5th percentile) — read the EPSS interpretation.

Affected products

Openstack Horizon — versions juno-1
Opensuse — versions 13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

68456 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) (mailing-list, x_refsource_MLIST, Patch, Mailing List)
openSUSE-SU-2015:0078 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)