Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-3594
HistoryAug 19, 2014 - 12:00 a.m.

CVE-2014-3594

2014-08-1900:00:00
ubuntu.com
ubuntu.com
10

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.3%

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2,
and Juno before Juno-3 allows remote administrators to inject arbitrary web
script or HTML via a new host aggregate name.

Bugs

Notes

Author Note
jdstrand Horizon on Essex (Ubuntu 12.04) does not have the Host Aggregate interface
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchhorizon< 1:2014.1.2-0ubuntu1.1UNKNOWN

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.3%