Cross-Site Scripting Vulnerabilities in OpenStack Dashboard by OpenStack
CVE-2015-3988

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 19 May 2015

Summary

OpenStack Dashboard (Horizon) version 2015.1.0 is vulnerable to multiple cross-site scripting (XSS) attacks, allowing remote authenticated users to inject arbitrary web scripts or HTML. This can occur via the metadata associated with Glance images, Nova flavors, or Host Aggregates. These vulnerabilities can be exploited to compromise user sessions and manipulate the web interface, leading to unauthorized actions and potential data exposure.

References

http://www.openwall.com/lists/oss-security/2015/05/12/9

mailing-listx_refsource_MLIST

https://security.openstack.org/ossa/OSSA-2015-009.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulleti...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 19, 2015
Vulnerability Reserved
May 14, 2015