Horizon@* Security Vulnerabilities and Issues — Horizon@* CVE List

Lucene search

OpenstackHorizon*

4 matches found

CVE•added 2016/07/12 7:59 p.m.•114 views

CVE-2016-4428

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

5.4CVSS5AI score0.00553EPSS

CVE•added 2019/12/30 8:15 p.m.•87 views

CVE-2012-5474

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

5.5CVSS5.5AI score0.00067EPSS

CVE•added 2014/12/12 3:59 p.m.•58 views

CVE-2014-8124

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.

5CVSS6.6AI score0.00778EPSS

CVE•added 2014/05/14 7:55 p.m.•40 views

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.

5.5CVSS7.1AI score0.00181EPSS