PT-2014-5346 · Openstack+1 · Openstack Dashboard+1
Published: 2014-07-09 · Updated: 2023-02-13
CVE-2014-3474
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
OpenStack Dashboard (Horizon) versions 2013.2.3 and earlier
OpenStack Dashboard (Horizon) versions 2014.1 and earlier, excluding 2014.1.2 and later
OpenStack Dashboard (Horizon) versions Juno and earlier, excluding Juno-2 and later
Description
A cross-site scripting (XSS) issue exists in the Launch Instance menu of OpenStack Dashboard (Horizon), allowing remote authenticated users to inject arbitrary web script or HTML via a network name. The flaw is in the horizon/static/horizon/js/horizon.instances.js file.
Recommendations
For OpenStack Dashboard (Horizon) versions 2013.2.3 and earlier, update to version 2013.2.4 or later.
For OpenStack Dashboard (Horizon) versions 2014.1 and earlier, excluding 2014.1.2 and later, update to version 2014.1.2 or later.
For OpenStack Dashboard (Horizon) versions Juno and earlier, excluding Juno-2 and later, update to version Juno-2 or later.
Exploit
Fix
XSS
Affected Products
OpenStack Dashboard
Ubuntu