CVE-2012-2094

Name of the Vulnerable Software and Affected Versions OpenStack Dashboard (Horizon) versions folsom-1 and 2012.1 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability in the refresh mechanism of the log viewer. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the guest console. The vulnerability is located in the horizon/static/horizon/js/horizon.js file.

Recommendations For OpenStack Dashboard (Horizon) versions folsom-1 and 2012.1 and earlier, consider disabling the log viewer refresh mechanism until a patch is available. Restrict access to the guest console to minimize the risk of exploitation. Avoid using the guest console in the log viewer until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.