7 matches found
RHEL 7 : python-django-horizon (RHSA-2015:1679)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1679 advisory. OpenStack Dashboard Horizon provides administrators and users with a graphical interface to access, provision, and automate cloud-based...
Cross-site Scripting (XSS)
OpenStack Dashboard Horizon provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting XSS flaw was found in the Horizo...
Debian DSA-3617-1 : horizon - security update
Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3617. The text itself ...
Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update
Updated python-django-horizon packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
CVE-2015-3219
creationtimestamp| type| source ---|---|--- 2015-08-21 13:00:41+00:00| seen| MISP/55d720e0-f5c8-4290-ba7f-289f0a00020f...
CVE-2015-3219
CVE-2015-3219 is a cross-site scripting (XSS) vulnerability in OpenStack Horizon’s Horizon Orchestration/Stack UI. The flaw allows an attacker to inject script via the description parameter in a heat template, due to improper handling in the Field class’s help_text. Affected: OpenStack Dashboard ...
CVE-2015-3219
Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...