CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3473 – openstack-horizon: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2014-3473
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. Vulnerabilidad de XSS en la sección Orchestration/Stack en el cuadro de mandos Horizon Orchestration en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2, cuando utilizado con Heat, permite a dueños o catálogos de plantillas Orchestration inyectar secuencias de comandos web o HTML arbitrarios a través de una plantilla manipulada. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://www.openwall.com/lists/oss-security/2014/07/08/6 http://www.securityfocus.com/bid/68459 https://bugs.launchpad.net/horizon/+bug/1308727 https://access.redhat.com/security/cve/CVE-2014-3473 https://bugzilla.redhat.com/show_bug.cgi?id=1116090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2014-3474 – openstack-horizon: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2014-3474
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. Vulnerabilidad de XSS en horizon/static/horizon/js/horizon.instances.js en el menú Launch Instance en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de red. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://www.openwall.com/lists/oss-security/2014/07/08/6 http://www.securityfocus.com/bid/68460 https://bugs.launchpad.net/horizon/+bug/1322197 https://review.openstack.org/#/c/105477 https://access.redhat.com/security/cve/CVE-2014-3474 https://bugzilla.redhat.com/show_bug.cgi?id=1116090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3475 – openstack-horizon: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2014-3475
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. Vulnerabilidad de XSS en el panel de usuarios (admin/users/) en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una dirección de email de un usuario, una vulnerabilidad diferente a CVE-2014-8578. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://www.openwall.com/lists/oss-security/2014/07/08/6 http://www.securityfocus.com/bid/68456 https://bugs.launchpad.net/horizon/+bug/1320235 https://access.redhat.com/security/cve/CVE-2014-3475 https://bugzilla.redhat.com/show_bug.cgi?id=1116090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2094
https://notcve.org/view.php?id=CVE-2012-2094
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el mecanismo de actualización del visor de registro en horizon/static/horizon/js/horizon.js en OpenStack Dashboard (Horizon) Folsom-1 y v2012.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la consola de invitado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html http://secunia.com/advisories/49024 http://secunia.com/advisories/49071 http://ubuntu.com/usn/usn-1439-1 http://www.osvdb.org/81742 https://bugs.launchpad.net/horizon/+bug/977944 https://exchange.xforce.ibmcloud.com/vulnerabilities/76136 https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942 https://lists.launchpad.net/openstack/msg10211.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 1CVE-2012-2144
https://notcve.org/view.php?id=CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. Vulnerabilidad de fijación de sesión en OpenStack Dashboard (Horizon) Folsom-1 y v2012.1 permite a atacantes remotos secuestrar sesiones web a través de la cookie SessionID. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html http://secunia.com/advisories/49024 http://secunia.com/advisories/49071 http://ubuntu.com/usn/usn-1439-1 http://www.openwall.com/lists/oss-security/2012/05/05/1 http://www.osvdb.org/81741 http://www.securityfocus.com/bid/53399 https://bugs.launchpad.net/horizon/+bug/978896 https://exchange.xforce.ibmcloud.com/vulnerabilities/75423 https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35 •