PT-2014-3506 · Openstack · Openstack Dashboard
Cristian Fiorentino
·
Published
2014-04-15
·
Updated
2023-02-13
·
CVE-2014-0157
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Dashboard (aka Horizon) versions 2013.2 before 2013.2.4
OpenStack Dashboard (aka Horizon) versions icehouse before icehouse-rc2
Description
A cross-site scripting (XSS) issue exists in the Horizon Orchestration dashboard, allowing remote attackers to inject arbitrary web script or HTML via the
description field of a Heat template.Recommendations
For OpenStack Dashboard (aka Horizon) versions 2013.2 before 2013.2.4, update to version 2013.2.4 or later.
For OpenStack Dashboard (aka Horizon) versions icehouse before icehouse-rc2, update to version icehouse-rc2 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Dashboard