Lucene search

[email protected]NVD:CVE-2013-6858

HistoryNov 23, 2013 - 5:55 p.m.

CVE-2013-6858

2013-11-2317:55:03

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) “Volumes” or (2) “Network Topology” page.

Affected configurations

NVD

Node

openstackhorizonRange2013.1–2013.2

Node

opensuseopensuseMatch13.1

Node

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

canonicalubuntu_linuxMatch13.10

References

lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

secunia.com/advisories/55770

secunia.com/advisories/56117

www.securityfocus.com/bid/63787

www.ubuntu.com/usn/USN-2062-1

bugs.launchpad.net/horizon/+bug/1247675

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

Related for NVD:CVE-2013-6858

cve2 securityvulns2 redhat1 debiancve1 nessus2 veracode1 prion2 openvas2 ubuntu1 cvelist1 nvd1 ubuntucve1