Skip to content

OpenStack Horizon Cross-site scripting (XSS) vulnerability

Low severity GitHub Reviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Oct 19, 2023

Package

pip horizon (pip)

Affected versions

< 8.0.0a0

Patched versions

8.0.0a0

Description

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

References

Published by the National Vulnerability Database Oct 31, 2014
Published to the GitHub Advisory Database May 13, 2022
Reviewed Oct 19, 2023
Last updated Oct 19, 2023

Severity

Low

EPSS score

0.142%
(51st percentile)

Weaknesses

CVE ID

CVE-2014-3474

GHSA ID

GHSA-j57p-g33w-95c5

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.