Cross-Site Scripting Vulnerability in OpenStack Dashboard by OpenStack
CVE-2014-3473
Currently unrated
Summary
The OpenStack Dashboard (Horizon) is susceptible to a Cross-Site Scripting (XSS) vulnerability within the Orchestration/Stack section, affecting versions prior to 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2. This flaw allows remote attackers, particularly those controlling Orchestration template owners or catalogs, to inject arbitrary web scripts or HTML code through crafted templates. Such an attack can lead to unauthorized actions on behalf of users when they interact with the vulnerable component, potentially compromising sensitive data or system integrity.
References
Timeline
Vulnerability published
Vulnerability Reserved