Sunil Yadav

**Name of the Vulnerable Software and Affected Versions** OpenStack Dashboard (Horizon) version 2015.1.0 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via metadata to various components, including a Glance image, Nova flavor, or Host Aggregate. **Recommendations** For OpenStack Dashboard (Horizon) version 2015.1.0, update to a version that addresses the XSS vulnerabilities to prevent remote authenticated users from injecting arbitrary web script or HTML.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server 2010 SP1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via crafted content. This can lead to administrative command execution. **Recommendations** For Microsoft SharePoint Server 2010 SP1, update to a version that includes the fix for this issue to prevent administrative command execution via crafted web script or HTML injection.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio Team Foundation Server 2010 SP1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For Microsoft Visual Studio Team Foundation Server 2010 SP1, update to a version that includes the fix for this issue to prevent exploitation.