CVE-2014-3594
5.3 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
47.9%
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
References
lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
rhn.redhat.com/errata/RHSA-2014-1335.html
rhn.redhat.com/errata/RHSA-2014-1336.html
seclists.org/oss-sec/2014/q3/413
www.securityfocus.com/bid/69291
bugs.launchpad.net/horizon/+bug/1349491
exchange.xforce.ibmcloud.com/vulnerabilities/95378
review.openstack.org/#/c/115310
review.openstack.org/#/c/115311
review.openstack.org/#/c/115313/
Social References
More
Related
5.3 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
47.9%