3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
41.5%
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack
Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno
before Juno-2 allows remote administrators to inject arbitrary web script
or HTML via a user email address, a different vulnerability than
CVE-2014-3475.
Author | Note |
---|---|
jdstrand | Ubuntu 12.04 LTS not affected, introduced by: https://review.openstack.org/gitweb?p=openstack/horizon.git |