XSS in Openstack Horizon
CVE-2015-3219
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the descrip…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (61.6th percentile) — read the EPSS interpretation.
Affected products
- Openstack Horizon — versions 2014.2.0, 2014.2.1, 2014.2.2
- Oracle Solaris — versions 11.2
- Debian Debian_linux — versions 8.0
- N/a — versions n/a
Weakness classification (CWE)
References
- [openstack-announce] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219) (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)
- 75109 (Third Party Advisory, vdb-entry, x_refsource_BID)
- DSA-3617 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- RHSA-2015:1679 (x_refsource_REDHAT, vendor-advisory)
- [oss-security] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219) (mailing-list, x_refsource_MLIST, Patch)