
CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

• http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
• http://secunia.com/advisories/55770
• http://secunia.com/advisories/56117
• http://www.securityfocus.com/bid/63787
• http://www.ubuntu.com/usn/USN-2062-1
• https://bugs.launchpad.net/horizon/+bug/1247675
• https://access.redhat.com/security/cve/CVE-2013-6858
• https://bugzilla.redhat.com/show_bug.cgi?id=1034153
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

• http://secunia.com/advisories/50480
• http://www.openwall.com/lists/oss-security/2012/08/30/4
• http://www.openwall.com/lists/oss-security/2012/08/30/5
• http://www.securityfocus.com/bid/55329
• http://www.ubuntu.com/usn/USN-1565-1
• https://bugs.launchpad.net/horizon/+bug/1039077
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78196
• https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b
• https://lists.launchpad.net/openstack/msg16278.html
• https://lists.l
• CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.

• http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html
• http://secunia.com/advisories/49024
• http://secunia.com/advisories/49071
• http://ubuntu.com/usn/usn-1439-1
• http://www.osvdb.org/81742
• https://bugs.launchpad.net/horizon/+bug/977944
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76136
• https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942
• https://lists.launchpad.net/openstack/msg10211.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 2% • CPEs: 2 • EXPL: 1

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html
• http://secunia.com/advisories/49024
• http://secunia.com/advisories/49071
• http://ubuntu.com/usn/usn-1439-1
• http://www.openwall.com/lists/oss-security/2012/05/05/1
• http://www.osvdb.org/81741
• http://www.securityfocus.com/bid/53399
• https://bugs.launchpad.net/horizon/+bug/978896
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75423
• https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35