XSS in Openstack Horizon

CVE-2014-8578

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user em…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (55.1th percentile) — read the EPSS interpretation.

Affected products

Openstack Horizon — versions juno-1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

68456 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) (mailing-list, x_refsource_MLIST, Patch, Mailing List)