137 matches found
CVE-2014-0157
Cross-site scripting XSS vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard aka Horizon 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template...
UBUNTU-CVE-2014-0157
Cross-site scripting XSS vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard aka Horizon 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template...
PT-2014-3506
Name of the Vulnerable Software and Affected Versions OpenStack Dashboard aka Horizon versions 2013.2 before 2013.2.4 OpenStack Dashboard aka Horizon versions icehouse before icehouse-rc2 Description A cross-site scripting XSS issue exists in the Horizon Orchestration dashboard, allowing remote...
OpenStack Horizon Orchestration Dashboard栈模版描述字段存储型跨站脚本漏洞
CVE ID:CVE-2014-0157 OpenStack Horizon用于为所有OpenStack服务提供一个模块化的基于页面的用户接口。 OpenStack Horizon Orchestration dashboard没有校验栈模版的描述符字段输入,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 OpenStack Horizon 2013.2 OpenStack Horizon 2013.2.3 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://review.openstack.org/86054...
openstack: horizon multiple XSS vulnerabilities.
Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to 1 "Volumes" or 2 "Network Topology" page...
[USN-2062-1] OpenStack Horizon vulnerability
========================================================================== Ubuntu Security Notice USN-2062-1 December 20, 2013 horizon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Moderate: Red Hat Security Advisory: Django security update
Updated Django packages that fix multiple security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
[USN-1565-1] OpenStack Horizon vulnerability
========================================================================== Ubuntu Security Notice USN-1565-1 September 13, 2012 horizon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
OpenStack-Horizon: Open redirect through 'next' parameter
Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...
CVE-2012-3540
Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...
PYSEC-2012-18
Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...
CVE-2012-3540
Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...
DEBIAN-CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...
PYSEC-2012-32
Cross-site scripting XSS vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard Horizon folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...
PYSEC-2012-33
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...
Session fixation
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...
CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...