Lucene search

K

GoogleOSV:GHSA-CMG8-5C63-PG95

HistoryMay 14, 2022 - 2:09 a.m.

OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting

2022-05-1402:09:21

Google

osv.dev

23

openstack

horizon

cross-site scripting

EPSS

0.002

Percentile

60.3%

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.

References

lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

www.openwall.com/lists/oss-security/2014/04/08/8

www.securityfocus.com/bid/66706

access.redhat.com/errata/RHSA-2014:0581

access.redhat.com/security/cve/CVE-2014-0157

bugzilla.redhat.com/show_bug.cgi?id=1082858

launchpad.net/bugs/1289033

nvd.nist.gov/vuln/detail/CVE-2014-0157

opendev.org/openstack/horizon

web.archive.org/web/20200228185211/www.securityfocus.com/bid/66706

EPSS

0.002

Percentile

60.3%

Related for OSV:GHSA-CMG8-5C63-PG95

redhat1 seebug1 debiancve1 nessus3 veracode1 securityvulns2 openvas4 prion1 ubuntucve1 nvd1 cve1 ubuntu1 cvelist1 github1 fedora1