Cross-Site Scripting Vulnerability in OpenStack Dashboard by OpenStack
CVE-2012-2094

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 5 June 2012

Summary

A cross-site scripting (XSS) vulnerability exists in the refresh mechanism of the log viewer in OpenStack Dashboard (Horizon). This flaw allows remote attackers to inject arbitrary web scripts or HTML via the guest console, potentially compromising the integrity of user data and session management. The vulnerability is present in Horizon versions Folsom-1 and prior to 2012.1, making it critical for affected users to implement security measures to mitigate the risks.

References

http://secunia.com/advisories/49024

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/76136

vdb-entryx_refsource_XF

http://www.osvdb.org/81742

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jun 5, 2012
Vulnerability Reserved
Apr 4, 2012