Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:12066
HistoryJan 15, 2019 - 9:11 a.m.

Cross-site Scripting (XSS)

2019-01-1509:11:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6

0.001 Low

EPSS

Percentile

41.7%

python-django-horizon is vulnerable to cross-site scripting (XSS). A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image’s description), triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised (for example, user-access credentials being stolen).