PT-2014-5345 · Openstack+1 · Openstack Dashboard+2

Jason Hullinger

·

Publicado

2014-07-09

·

Atualizado

2023-02-13

·

CVE-2014-3473

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions OpenStack Dashboard (Horizon) versions prior to 2013.2.4 OpenStack Dashboard (Horizon) versions 2014.1 prior to 2014.1.2 OpenStack Dashboard (Horizon) Juno versions prior to Juno-2
Description A cross-site scripting (XSS) issue exists in the Orchestration/Stack section of the Horizon Orchestration dashboard. This allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template when used with Heat.
Recommendations For versions prior to 2013.2.4, update to version 2013.2.4 or later. For versions 2014.1 prior to 2014.1.2, update to version 2014.1.2 or later. For Juno versions prior to Juno-2, update to Juno-2 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2014-3473
GHSA-8VWV-2V7V-JMGR
RHSA-2014:0939
RHSA-2014:1188
USN-2323-1

Produtos afetados

Heat
Openstack Dashboard
Ubuntu