5 matches found
CVE-2014-3474
CVE-2014-3474 is a cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js within the Launch Instance menu of the OpenStack Dashboard (Horizon). The affected scope includes Horizon releases before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2. The vul...
CVE-2014-3475
CVE-2014-3475 is an XSS issue in the OpenStack Horizon Users panel (admin/users/). Affected software: OpenStack Horizon before 2013.2.4, OpenStack Horizon 2014.1 before 2014.1.2, and Horizon in the Juno series before Juno-2. Root cause: cross-site scripting via a user email address allows injecti...
CVE-2014-3473
The CVE-2014-3473 entry describes a Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard’s Orchestration/Stack area when used with Heat. Affected versions are Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2. The issue allows remote Orchestration ...
CVE-2014-8578
CVE-2014-8578 : XSS in the OpenStack Horizon Groups panel (remote administrators) via a user email address, affecting Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2. Root cause: input handling flaw enables arbitrary script/HTML injection. Connected sources confirm the sam...
CVE-2014-3594
CVE-2014-3594 affects OpenStack Horizon (Host Aggregates UI). The vulnerability allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name in the Host Aggregates interface, affecting Horizon releases before 2013.2.4, 2014.1 before 2014.1.2, and Juno before J...