13 matches found
Incorrect Behavior Order
Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order because a write to the session storage backend occurs before authentication, so an attacker can exhaust storage resources by sending unauthenticated requests. Remediation: Upgrade horizon to version 25.7...
CVE-2026-43002
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
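The two entries above describe the same defect: the login path stores something in the session before credentials are checked, and since a Django-style session middleware persists any session a view has modified, every anonymous request becomes a row in the db or memcached backend. The following is an added illustration written for this page, not Horizon's code: a stand-in session object and backend (constructed here), a vulnerable login view that touches the session first, and a fixed view that defers the write until authentication succeeds. The `region` and `user_id` keys are placeholders.

```python
"""Added illustration (not Horizon's code) of why a session write before
authentication lets unauthenticated clients fill the session backend."""
import os


class Session(dict):
    """Stand-in for Django's session object: the middleware persists it only
    when a view has modified it (Django's default, SESSION_SAVE_EVERY_REQUEST=False)."""

    def __init__(self):
        super().__init__()
        self.modified = False
        self.key = None

    def __setitem__(self, k, v):
        super().__setitem__(k, v)
        self.modified = True


class SessionBackend:
    """Constructed stand-in for a db/memcached session backend; counts rows."""

    def __init__(self):
        self.rows = {}

    def save(self, session):
        if session.key is None:
            session.key = os.urandom(16).hex()   # fresh session id per anonymous client
        self.rows[session.key] = dict(session)


def login_view_vulnerable(session, credentials_ok):
    # Records UI state in the session BEFORE the credentials are checked,
    # so every anonymous hit on the login page marks the session modified.
    session["region"] = "RegionOne"          # placeholder key
    if not credentials_ok:
        return 401
    session["user_id"] = "alice"             # placeholder key
    return 200


def login_view_fixed(session, credentials_ok):
    # Touch the session only after authentication has succeeded.
    if not credentials_ok:
        return 401
    session["region"] = "RegionOne"
    session["user_id"] = "alice"
    return 200


def serve(view, backend, n_requests, credentials_ok=False):
    """Push n requests from cookie-less clients through a middleware that saves
    modified sessions; return how many rows the backend holds afterwards."""
    for _ in range(n_requests):
        session = Session()                  # anonymous client, no session cookie
        view(session, credentials_ok)
        if session.modified:                 # Django: save only if modified
            backend.save(session)
    return len(backend.rows)


if __name__ == "__main__":
    print("vulnerable view, 1000 anonymous requests:", serve(login_view_vulnerable, SessionBackend(), 1000))
    print("fixed view, 1000 anonymous requests:     ", serve(login_view_fixed, SessionBackend(), 1000))
```

With the vulnerable view every anonymous request leaves one row behind; with the fixed view none do, while successful logins still get their session persisted. The check a practitioner wants on a real deployment is the same: count session rows while replaying unauthenticated GET/POST requests against the login URL.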
CVE-2023-0871
The /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used, for instance, to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...
CVE-2021-25932
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since t...
PT-2023-27541 · Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 and earlier than 32.0.2; Meridian versions prior to 2023.1.5. Description: The file editor in OpenNMS Horizon, accessible to users with ROLE_FILESYSTEM_EDITOR privileges, is vulnerable to XXE injection attacks. T...
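Both XXE entries above (the /rtc/post/ endpoint and the file editor) come down to the same parser behaviour: an attacker-supplied DOCTYPE declares an external entity, and a parser that resolves external entities issues the request for it, which is how the server is made to reach internal or external services. The following is an added example for this page, not OpenNMS code: it uses Python's expat bindings to show the URL a permissive parser would fetch for a constructed payload (recording it instead of fetching), next to a hardened parse that rejects any document carrying a DOCTYPE. The `<event>` document and the 127.0.0.1 URL are placeholders.

```python
"""Added illustration (not OpenNMS code): what an XXE payload makes a
permissive XML parser do, and a hardened parse that refuses DOCTYPEs."""
import xml.parsers.expat

# Constructed sample inputs; element names and the target URL are placeholders.
BENIGN = "<event><uei>uei.opennms.org/internal/test</uei></event>"
XXE = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE event [<!ENTITY xxe SYSTEM "http://127.0.0.1:8980/admin/internal">]>'
    "<event><uei>&xxe;</uei></event>"
)


class DoctypeRejected(Exception):
    pass


def parse_permissive(data):
    """Behave like a parser that resolves external entities, but record the
    URLs it would fetch instead of fetching them. Returns (urls, text)."""
    urls, chunks = [], []
    parser = xml.parsers.expat.ParserCreate()

    def on_external_entity(context, base, system_id, public_id):
        urls.append(system_id)   # a real resolver would issue this request (SSRF)
        return 1                 # non-zero: tell expat to continue parsing

    parser.ExternalEntityRefHandler = on_external_entity
    parser.CharacterDataHandler = chunks.append
    parser.Parse(data, True)
    return urls, "".join(chunks)


def parse_hardened(data):
    """Refuse any DOCTYPE, and therefore any entity declaration, before it can
    be used; documents without one parse normally. Returns the text content."""
    chunks = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE not allowed in untrusted input: {name}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.CharacterDataHandler = chunks.append
    parser.Parse(data, True)
    return "".join(chunks)


def hardened_rejects(data):
    """True if the hardened parser refuses the document."""
    try:
        parse_hardened(data)
    except DoctypeRejected:
        return True
    return False


if __name__ == "__main__":
    urls, _ = parse_permissive(XXE)
    print("permissive parser would fetch:", urls)
    print("hardened parser rejects payload:", hardened_rejects(XXE))
    print("hardened parser on benign input:", parse_hardened(BENIGN))
```

Rejecting the DOCTYPE outright is the simplest durable fix for endpoints that never need one; it also closes the entity-expansion (billion laughs) variants, which a check that only blocks external entities would miss.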
PT-2023-16576 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 through 32.0.2; Meridian affected versions not specified. Description: The Horizon REST API includes a "users" endpoint that is vulnerable to elevation of privilege. The solution is to upgrade to a newer version...
blazar-dashboard (=1.2.0), freezer-web-ui (=7.0.0.0b1) +3 more potentially affected by CVE-2020-29565 via horizon (=17.1.0)
horizon PYPI version =17.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - blazar-dashboard =1.2.0 - freezer-web-ui =7.0.0.0b1 - monasca-ui =1.13.0 - sahara-dashboard =9.0.0.0b3, =2.4.0, =3.0.1 Source cves: CVE-2020-295...
UBUNTU-CVE-2014-3475
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...
Ubuntu 13.10 : horizon vulnerability (USN-2206-1)
Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user...
networking-bgpvpn (=11.0.1) potentially affected by CVE-2012-3540 via horizon (=16.2.2)
horizon PYPI version =16.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - networking-bgpvpn =11.0.1 Source cves: CVE-2012-3540 Source advisory: OSV:PYSEC-2012-18...
karbor-dashboard (>=1.4.0 <=1.5.1), murano-dashboard (>=6.0.0 <=8.0.0.0rc2) potentially affected by CVE-2012-3540 via horizon (=20.2.0)
horizon PYPI version =20.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - karbor-dashboard =1.4.0 - murano-dashboard =6.0.0, =8.0.0.0rc2 Source cves: CVE-2012-3540 Source advisory: OSV:PYSEC-2012-18...
sahara-dashboard (=10.0.2) potentially affected by CVE-2012-3540 via horizon (=15.3.2)
horizon PYPI version =15.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - sahara-dashboard =10.0.2 Source cves: CVE-2012-3540 Source advisory: OSV:PYSEC-2012-18...
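The "potentially affected ... via horizon" entries above are all produced the same way: take the horizon versions an advisory names, then walk the dependency graph backwards to find every package that pins one of them, directly or through another package. The following is an added example for this page, not the code of any advisory database, showing that walk over a constructed graph that reuses the package names from the entries above (the `some-plugin` node is invented to show a second hop).

```python
"""Added illustration (not from any advisory database): find every package
transitively depending on a vulnerable pin by walking the reversed graph."""
from collections import deque

# Constructed sample graph: "name==version" -> {dependency name: pinned version}.
GRAPH = {
    "blazar-dashboard==1.2.0":   {"horizon": "17.1.0"},
    "freezer-web-ui==7.0.0.0b1": {"horizon": "17.1.0"},
    "monasca-ui==1.13.0":        {"horizon": "17.1.0"},
    "some-plugin==0.1":          {"monasca-ui": "1.13.0"},   # invented, two hops away
    "networking-bgpvpn==11.0.1": {"horizon": "16.2.2"},
    "sahara-dashboard==10.0.2":  {"horizon": "15.3.2"},
}


def build_reverse_edges(graph):
    """Map each pinned dependency to the packages that depend on it."""
    reverse = {}
    for pkg, deps in graph.items():
        for dep_name, dep_version in deps.items():
            reverse.setdefault(f"{dep_name}=={dep_version}", []).append(pkg)
    return reverse


def transitive_dependents(graph, vulnerable_node):
    """Breadth-first walk from the vulnerable pin over reversed edges; the
    visited set keeps cycles or diamonds from being reported twice."""
    reverse = build_reverse_edges(graph)
    seen, queue = set(), deque([vulnerable_node])
    while queue:
        node = queue.popleft()
        for dependent in reverse.get(node, []):
            if dependent not in seen:
                seen.add(dependent)
                queue.append(dependent)
    return sorted(seen)


def impact_report(graph, cve_id, package, version):
    """Render one summary line in the style of the entries on this page."""
    affected = transitive_dependents(graph, f"{package}=={version}")
    if not affected:
        return f"no packages depend on {package} (={version})"
    return (f"{', '.join(affected)} potentially affected by {cve_id} "
            f"via {package} (={version})")


if __name__ == "__main__":
    print(impact_report(GRAPH, "CVE-2020-29565", "horizon", "17.1.0"))
    print(impact_report(GRAPH, "CVE-2012-3540", "horizon", "16.2.2"))
```

A real scan would build GRAPH from resolved lock files or installed distributions and compare against the advisory's version range rather than an exact pin, but the reverse walk is the same, and the second-hop case is why the listings say "transitive": a package that never mentions horizon can still be impacted.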