PT-2015-6374 · Openstack · Nova+2

Sunil Yadav

Published

2015-05-19

Updated

2016-12-24

CVE-2015-3988

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Dashboard (Horizon) version 2015.1.0

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via metadata to various components, including a Glance image, Nova flavor, or Host Aggregate.

Recommendations For OpenStack Dashboard (Horizon) version 2015.1.0, update to a version that addresses the XSS vulnerabilities to prevent remote authenticated users from injecting arbitrary web script or HTML.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-3988

RHSA-2015:1679

SUSE-SU-2015:2064-1

Affected Products

Glance

Nova

Openstack Dashboard

PT-2015-6374 · Openstack · Nova+2

CVE-2015-3988

Weakness Enumeration

Related Identifiers

Affected Products

References · 23