Cross-Site Scripting Vulnerability in OpenStack Dashboard by OpenStack
CVE-2014-3594

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 22 August 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the Host Aggregates interface of OpenStack Dashboard (Horizon) where remote administrators can inject arbitrary web scripts or HTML through the new host aggregate name. This issue allows an attacker to potentially execute malicious scripts in the context of users accessing the affected interface, leading to possible data theft or other harmful actions.

References

http://rhn.redhat.com/errata/RHSA-2014-1336.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/69291

vdb-entryx_refsource_BID

https://review.openstack.org/#/c/115313/

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 22, 2014
Vulnerability Reserved
May 14, 2014