Published: 15/04/2014 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 prior to 2013.2.4 and icehouse before icehouse-rc2 allows remote malicious users to inject arbitrary web script or HTML via the description field of a Heat template.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack horizon 2013.2.3
openstack horizon 2013.2.2
openstack horizon 2013.2.1
openstack horizon 2013.2
opensuse opensuse 13.1

Debian Bug report logs - #744019 CVE-2014-0157: XSS in Horizon orchestration dashboard Package: src:horizon; Maintainer for src:horizon is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Thomas Goirand <zigo@debianorg> Date: Wed, 9 Apr 2014 09:21:01 UTC Severity: important Found in version hori ...

OpenStack Horizon did not properly process Heat templates ...

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 20132 before 201324 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template ...

CWE-79 https://launchpad.net/bugs/1289033 http://www.openwall.com/lists/oss-security/2014/04/08/8 http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://www.securityfocus.com/bid/66706 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744019 https://usn.ubuntu.com/2206-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-0157

CVE-2014-0157

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect