Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 prior to 2014.2.4 and 2015.1.x prior to 2015.1.1 allows remote malicious users to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
Vulnerable Product |
---|
debian debian linux 8.0 |
openstack horizon 2014.2.0 |
openstack horizon 2014.2.1 |
openstack horizon 2015.1.0 |
openstack horizon 2014.2.2 |
openstack horizon 2014.2.3 |
oracle solaris 11.2 |