CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2020-29565 – python-django-horizon: dashboard allows open redirect
https://notcve.org/view.php?id=CVE-2020-29565
04 Dec 2020 — An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. Se detectó un problema en OpenStack Horizon versiones 15.3.2, versiones 16.x anteriores a 16.2.1, versiones 17.x y versiones 18.x anteriores a 18.3.3, versiones 18.4.x y 18.5.x. Se presenta un... • http://www.openwall.com/lists/oss-security/2020/12/08/2 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3997
https://notcve.org/view.php?id=CVE-2020-3997
23 Oct 2020 — VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. VMware Horizon Server (versiones 7.x anteriores a 7.10.3 o 7.13.0), contiene una vulnerabilidad de tipo Cross Site Scripting (XSS). Una explotación con éxito de este problema puede permitir a un atacante inyectar un script malicioso que será ejecutado • https://www.vmware.com/security/advisories/VMSA-2020-0024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11886
https://notcve.org/view.php?id=CVE-2020-11886
17 Apr 2020 — OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21. OpenNMS Horizon and Meridian, permite una inyección HQL en el archivo element/nodeList.htm (también se conoce como NodeListController) por medio de snmpParm o snmpParmValue en la función addCriteriaForSnmpParm. Esto a... • https://issues.opennms.org/browse/NMS-12572 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 187EXPL: 0CVE-2019-5527 – VMware Security Advisory 2019-0014
https://notcve.org/view.php?id=CVE-2019-5527
20 Sep 2019 — ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. ESXi, Workstation, Fusion, VMRC y Horizon Client contienen una vulnerabilidad uso de la memoria previamente liberada en el dispositivo de sonido virtual. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Importante con un puntaje bas... • https://www.vmware.com/security/advisories/VMSA-2019-0014.html • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5513 – VMware Security Advisory 2019-0003
https://notcve.org/view.php?id=CVE-2019-5513
15 Mar 2019 — VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address. VMware Horizon Connection Server (7.x anterior a la versión 7.8, 7.5.x anterior de 7.5.2, 6.x anterior de 6.2.8) contiene una vulnerabilidad de divulgación de información. La explotación con éxito de este problem... • https://www.vmware.com/security/advisories/VMSA-2019-0003.html •
CVSS: 4.8EPSS: 0%CPEs: 19EXPL: 0CVE-2017-7400 – python-django-horizon: XSS in federation mappings UI
https://notcve.org/view.php?id=CVE-2017-7400
03 Apr 2017 — OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. OpenStack Horizon 9.x a través de 9.1.1, 10.x en versiones hasta 10.0.2 y 11.0.0 permite a los administradores autenticados remotos realizar ataques XSS a través de una asignación de federación manipulada. A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to cond... • http://www.securityfocus.com/bid/97324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2016-4428 – python-django-horizon: XSS in client side template
https://notcve.org/view.php?id=CVE-2016-4428
22 Jun 2016 — Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. Vulnerabilidad de XSS en OpenStack Dashboard (Horizon) 8.0.1 y versiones anteriores y 9.0.0 hasta la versión 9.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario inyectando una plantilla AngularJS en un formulario del cu... • http://www.debian.org/security/2016/dsa-3617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •