XSS in Openstack Horizon
CVE-2014-3594
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.006 (70.0th percentile) — read the EPSS interpretation.
Affected products
- Openstack Horizon — versions juno-1, juno-2
- Opensuse — versions 13.1
- N/a — versions n/a
Weakness classification (CWE)
References
- RHSA-2014:1336 (x_refsource_REDHAT, vendor-advisory, Broken Link)
- 69291 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- RHSA-2014:1335 (x_refsource_REDHAT, vendor-advisory, Broken Link)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- [oss-security] 20140819 [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594) (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Third Party Advisory, Issue Tracking)
- openSUSE-SU-2015:0078 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- openstack-horizon-cve20143594-xss(95378) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)