Cross-Site Scripting Vulnerabilities in OpenStack Dashboard by OpenStack
CVE-2015-3988

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
19 May 2015

Summary

OpenStack Dashboard (Horizon) version 2015.1.0 is vulnerable to multiple cross-site scripting (XSS) attacks, allowing remote authenticated users to inject arbitrary web scripts or HTML. This can occur via the metadata associated with Glance images, Nova flavors, or Host Aggregates. These vulnerabilities can be exploited to compromise user sessions and manipulate the web interface, leading to unauthorized actions and potential data exposure.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.