4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
47.6%
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard
(Horizon) 2013.2 and earlier allow local users to inject arbitrary web
script or HTML via an instance name to (1) “Volumes” or (2) “Network
Topology” page.
Author | Note |
---|---|
mdeslaur | OSSA 2013-036 |
jdstrand | this is the same as CVE-2013-6406 |
lists.openstack.org/pipermail/openstack-announce/2013-December/000173.html
secunia.com/advisories/55770
launchpad.net/bugs/cve/CVE-2013-6858
nvd.nist.gov/vuln/detail/CVE-2013-6858
security-tracker.debian.org/tracker/CVE-2013-6858
ubuntu.com/security/notices/USN-2062-1
www.cve.org/CVERecord?id=CVE-2013-6858