Openstack · Openstack Dashboard · CVE-2014-3475
**Name of the Vulnerable Software and Affected Versions**
OpenStack Dashboard (Horizon) versions prior to 2013.2.4
OpenStack Dashboard (Horizon) versions 2014.1 prior to 2014.1.2
OpenStack Dashboard (Horizon) Juno versions prior to Juno-2
**Description**
A cross-site scripting (XSS) issue exists in the Users panel of OpenStack Dashboard (Horizon), allowing remote administrators to inject arbitrary web script or HTML via a user email address.
**Recommendations**
For versions prior to 2013.2.4, update to version 2013.2.4 or later.
For versions 2014.1 prior to 2014.1.2, update to version 2014.1.2 or later.
For Juno versions prior to Juno-2, update to Juno-2 or later.