Openstack · Openstack Dashboard · CVE-2013-6858
**Name of the Vulnerable Software and Affected Versions**
OpenStack Dashboard (Horizon) versions 2013.2 and earlier
**Description**
The issue allows local users to inject arbitrary web script or HTML via an instance name to the "Volumes" or "Network Topology" page, which can lead to cross-site scripting (XSS) attacks.
**Recommendations**
For OpenStack Dashboard (Horizon) versions 2013.2 and earlier, update to a version later than 2013.2 to resolve the issue.