openstack horizon CVE Vulnerabilities (24)

CVEs: 24 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting openstack horizon (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 2124 of 24 CVEs
«« First « Prev Page 2 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2012-3540 Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake. [email protected] 5.8 2.90% 2012-09-05 2026-06-16
CVE-2012-3426 OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password. [email protected] 4.9 2.27% 2012-07-31 2026-06-16
CVE-2012-2144 Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. [email protected] 6.8 2.11% 2012-06-05 2026-06-16
CVE-2012-2094 Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. [email protected] 4.3 2.42% 2012-06-05 2026-06-16
«« First « Prev Page 2 / 2 Next »
cvelogic Threat Intelligence