Cross-Site Scripting Vulnerability in OpenStack Dashboard by OpenStack
CVE-2014-3474

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 31 October 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the OpenStack Dashboard (Horizon) that enables remote authenticated users to inject arbitrary web scripts or HTML through the network name in the Launch Instance menu. This flaw impacts various versions of Horizon, leaving authenticated users susceptible to executing malicious scripts, potentially compromising the integrity and security of the OpenStack environment.

References

http://www.openwall.com/lists/oss-security/2014/07/08/6

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/68460

vdb-entryx_refsource_BID

https://review.openstack.org/#/c/105477

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 31, 2014
Vulnerability Reserved
May 14, 2014