Page 2 of 11 results (0.014 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name. Vulnerabilidad de XSS en la interfaz Host Aggregates en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de agregado de anfitrión nuevo. A persistent cross-site scripting (XSS) flaw was found in the horizon host aggregate interface. A user with sufficient privileges to add a host aggregate could potentially use this flaw to capture the credentials of another user. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2014-1335.html http://rhn.redhat.com/errata/RHSA-2014-1336.html http://seclists.org/oss-sec/2014/q3/413 http://www.securityfocus.com/bid/69291 https://bugs.launchpad.net/horizon/+bug/1349491 https://exchange.xforce.ibmcloud.com/vulnerabilities/95378 https://review.openstack.org/#/c/115310 https://review.openstack.org/#/c/115311 https://review.openstack.org/# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. Vulnerabilidad de XSS en la sección Orchestration/Stack en el cuadro de mandos Horizon Orchestration en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2, cuando utilizado con Heat, permite a dueños o catálogos de plantillas Orchestration inyectar secuencias de comandos web o HTML arbitrarios a través de una plantilla manipulada. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://www.openwall.com/lists/oss-security/2014/07/08/6 http://www.securityfocus.com/bid/68459 https://bugs.launchpad.net/horizon/+bug/1308727 https://access.redhat.com/security/cve/CVE-2014-3473 https://bugzilla.redhat.com/show_bug.cgi?id=1116090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. Vulnerabilidad de XSS en horizon/static/horizon/js/horizon.instances.js en el menú Launch Instance en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de red. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://www.openwall.com/lists/oss-security/2014/07/08/6 http://www.securityfocus.com/bid/68460 https://bugs.launchpad.net/horizon/+bug/1322197 https://review.openstack.org/#/c/105477 https://access.redhat.com/security/cve/CVE-2014-3474 https://bugzilla.redhat.com/show_bug.cgi?id=1116090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. Vulnerabilidad de XSS en el panel de usuarios (admin/users/) en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una dirección de email de un usuario, una vulnerabilidad diferente a CVE-2014-8578. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://www.openwall.com/lists/oss-security/2014/07/08/6 http://www.securityfocus.com/bid/68456 https://bugs.launchpad.net/horizon/+bug/1320235 https://access.redhat.com/security/cve/CVE-2014-3475 https://bugzilla.redhat.com/show_bug.cgi?id=1116090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el mecanismo de actualización del visor de registro en horizon/static/horizon/js/horizon.js en OpenStack Dashboard (Horizon) Folsom-1 y v2012.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la consola de invitado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html http://secunia.com/advisories/49024 http://secunia.com/advisories/49071 http://ubuntu.com/usn/usn-1439-1 http://www.osvdb.org/81742 https://bugs.launchpad.net/horizon/+bug/977944 https://exchange.xforce.ibmcloud.com/vulnerabilities/76136 https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942 https://lists.launchpad.net/openstack/msg10211.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •