XSS in Openstack Horizon
CVE-2015-3988
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggre…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (58.0th percentile) — read the EPSS interpretation.
Affected products
- Openstack Horizon — versions 2015.1.0
- Oracle Solaris — versions 11.2
- N/a — versions n/a
Weakness classification (CWE)
References
- [oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon (mailing-list, x_refsource_MLIST, Third Party Advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
- RHSA-2015:1679 (x_refsource_REDHAT, vendor-advisory)
- [oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon (mailing-list, x_refsource_MLIST, Third Party Advisory)
- 74666 (Third Party Advisory, vdb-entry, x_refsource_BID)