Cross-Site Scripting Vulnerability in OpenStack Dashboard
CVE-2014-8578

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 31 October 2014

Summary

This vulnerability in the OpenStack Dashboard (Horizon) allows remote administrators to exploit user email addresses for injecting arbitrary web scripts or HTML. Such XSS flaws can lead to unauthorized actions being executed in the context of a user's session, posing significant security threats. It affects several versions of the Horizon dashboard, highlighting a critical need for prompt updates to mitigate these risks.

References

http://www.securityfocus.com/bid/68456

vdb-entryx_refsource_BID

https://bugs.launchpad.net/horizon/+bug/1320235

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/07/08/6

mailing-listx_refsource_MLIST

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 31, 2014