CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2012-2094 – Ubuntu Security Notice USN-1439-1
https://notcve.org/view.php?id=CVE-2012-2094
07 May 2012 — Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el mecanismo de actualización del visor de registro en horizon/static/horizon/js/horizon.js en OpenStack Dashboard (Horizon) Folsom-1 y v2012.1 y anteriores permite ... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2012-2144 – Ubuntu Security Notice USN-1439-1
https://notcve.org/view.php?id=CVE-2012-2144
07 May 2012 — Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. Vulnerabilidad de fijación de sesión en OpenStack Dashboard (Horizon) Folsom-1 y v2012.1 permite a atacantes remotos secuestrar sesiones web a través de la cookie SessionID. Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refresh mechanism. If a user were tricked into viewing a specially crafted lo... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html •