Cross-Site Scripting Vulnerability in OpenStack Dashboard by OpenStack
CVE-2014-3473

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
31 October 2014

Summary

The OpenStack Dashboard (Horizon) is susceptible to a Cross-Site Scripting (XSS) vulnerability within the Orchestration/Stack section, affecting versions prior to 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2. This flaw allows remote attackers, particularly those controlling Orchestration template owners or catalogs, to inject arbitrary web scripts or HTML code through crafted templates. Such an attack can lead to unauthorized actions on behalf of users when they interact with the vulnerable component, potentially compromising sensitive data or system integrity.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.