Chris Chapman discovered cross-site scripting (XSS) vulnerabilities
in Horizon via the Volumes and Network Topology pages. An authenticated
attacker could exploit these to conduct stored cross-site scripting (XSS)
attacks against users viewing these pages in order to modify the contents
or steal confidential data within the same domain.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | python-django-horizon | < 1:2013.2-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | openstack-dashboard | < 1:2013.2-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | openstack-dashboard-ubuntu-theme | < 1:2013.2-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | python-django-openstack | < 1:2013.2-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | python-django-horizon | < 1:2013.1.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | openstack-dashboard | < 1:2013.1.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | openstack-dashboard-ubuntu-theme | < 1:2013.1.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | python-django-openstack | < 1:2013.1.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | python-django-horizon | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | openstack-dashboard | < 2012.2.4-0ubuntu1.1 | UNKNOWN |