PT-2013-6149 · Openstack · Openstack Dashboard

Chris Chapman

·

Publicado

2013-11-23

·

Atualizado

2021-03-09

·

CVE-2013-6858

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions OpenStack Dashboard (Horizon) versions 2013.2 and earlier
Description The issue allows local users to inject arbitrary web script or HTML via an instance name to the "Volumes" or "Network Topology" page, which can lead to cross-site scripting (XSS) attacks.
Recommendations For OpenStack Dashboard (Horizon) versions 2013.2 and earlier, update to a version later than 2013.2 to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2013-6858
RHSA-2014:0365

Produtos afetados

Openstack Dashboard