Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack horizon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-3219
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 prior to 2014.2.4 and 2015.1.x prior to 2015.1.1 allows remote malicious users to inject arbitrary web script or HTML via the description parameter in a heat templa...
Debian Debian Linux 8.0
Openstack Horizon 2014.2.0
Openstack Horizon 2014.2.1
Openstack Horizon 2015.1.0
Openstack Horizon 2014.2.2
Openstack Horizon 2014.2.3
Oracle Solaris 11.2
NA
CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote malicious users to hijack web sessions via the sessionid cookie.
Openstack Horizon Folsom-1
Openstack Horizon 2012.1
NA
CVE-2012-2094
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the gues...
Openstack Horizon Folsom-1
Openstack Horizon 2012.1
6.1
CVSSv3
CVE-2022-45582
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
Openstack Horizon
NA
CVE-2013-4471
The Identity v3 API in OpenStack Dashboard (Horizon) prior to 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote malicious users to change a user password by leveraging the authentication token for that user.
Openstack Horizon
NA
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote malicious users to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier wa...
Openstack Essex 2012.1
Openstack Horizon Folsom-3
NA
CVE-2012-3540
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally a...
Openstack Horizon 2012.1
NA
CVE-2012-3426
OpenStack Keystone prior to 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chai...
Openstack Essex
Openstack Keystone 2012.1.1
Openstack Keystone 2012.1
Openstack Horizon Folsom-1
6.1
CVSSv3
CVE-2020-29565
An issue exists in OpenStack Horizon prior to 15.3.2, 16.x prior to 16.2.1, 17.x and 18.x prior to 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automat...
Openstack Horizon
Debian Debian Linux 10.0
NA
CVE-2014-8124
OpenStack Dashboard (Horizon) prior to 2014.1.3 and 2014.2.x prior to 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote malicious users to cause a denial of service via a large number of requests to the login page.
Openstack Horizon
Fedoraproject Fedora 21
Opensuse Opensuse 13.1
Oracle Solaris 11.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »