Cross-Site Scripting Vulnerability in OpenStack Dashboard by OpenStack
CVE-2014-3473

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 31 October 2014

Summary

The OpenStack Dashboard (Horizon) is susceptible to a Cross-Site Scripting (XSS) vulnerability within the Orchestration/Stack section, affecting versions prior to 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2. This flaw allows remote attackers, particularly those controlling Orchestration template owners or catalogs, to inject arbitrary web scripts or HTML code through crafted templates. Such an attack can lead to unauthorized actions on behalf of users when they interact with the vulnerable component, potentially compromising sensitive data or system integrity.

References

http://www.openwall.com/lists/oss-security/2014/07/08/6

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/68459

vdb-entryx_refsource_BID

https://bugs.launchpad.net/horizon/+bug/1308727

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 31, 2014
Vulnerability Reserved
May 14, 2014