OpenStack Horizon Cross-site scripting (XSS) vulnerability

Description

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

Basic information

Type
reviewed
Severity
low
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Browse source ↗
Published (advisory)
2022-05-13 01:11:28 UTC
Updated
2023-10-19 17:46:22 UTC
GitHub reviewed
2023-10-19 17:45:38 UTC
NVD published
2014-10-31

EPSS Score

Score Percentile
0.30% 53.50%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip horizon < 8.0.0a0 8.0.0a0

References

cvelogic Threat Intelligence