Cross-Site Scripting Vulnerability in OpenStack Swift by OpenStack
CVE-2014-3497

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
3 July 2014

Summary

A cross-site scripting vulnerability exists in OpenStack Swift versions 1.11.0 to 1.13.1, allowing remote attackers to inject arbitrary web scripts or HTML into requests via the WWW-Authenticate header. This vulnerability can pose significant risks, potentially enabling attackers to execute JavaScript in the context of the user's session, leading to data theft or unauthorized actions on behalf of the user. It is crucial for administrators using affected versions to apply appropriate security measures and updates to mitigate this risk.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.