Name of the Vulnerable Software and Affected Versions OpenStack Dashboard (Horizon) versions folsom-1 and 2012.1 and earlier

Description A cross-site scripting (XSS) issue exists in the log viewer's refresh mechanism, allowing remote attackers to inject arbitrary web script or HTML via the guest console. This affects the horizon.js file located in horizon/static/horizon/js/.

Recommendations For OpenStack Dashboard (Horizon) versions folsom-1 and 2012.1 and earlier, consider disabling the log viewer's refresh mechanism in the horizon.js file until a patch is available. Restrict access to the guest console to minimize the risk of exploitation.