Cristian Fiorentino

**Name of the Vulnerable Software and Affected Versions** OpenStack Dashboard (aka Horizon) versions 2013.2 before 2013.2.4 OpenStack Dashboard (aka Horizon) versions icehouse before icehouse-rc2 **Description** A cross-site scripting (XSS) issue exists in the Horizon Orchestration dashboard, allowing remote attackers to inject arbitrary web script or HTML via the `description` field of a Heat template. **Recommendations** For OpenStack Dashboard (aka Horizon) versions 2013.2 before 2013.2.4, update to version 2013.2.4 or later. For OpenStack Dashboard (aka Horizon) versions icehouse before icehouse-rc2, update to version icehouse-rc2 or later.