CVE-2013-6858 – openstack: horizon multiple XSS vulnerabilities.
https://notcve.org/view.php?id=CVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
• http://secunia.com/advisories/55770
• http://secunia.com/advisories/56117
• http://www.securityfocus.com/bid/63787
• http://www.ubuntu.com/usn/USN-2062-1
• https://bugs.launchpad.net/horizon/+bug/1247675
• https://access.redhat.com/security/cve/CVE-2013-6858
• https://bugzilla.redhat.com/show_bug.cgi?id=1034153
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2094
https://notcve.org/view.php?id=CVE-2012-2094
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
• http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html
• http://secunia.com/advisories/49024
• http://secunia.com/advisories/49071
• http://ubuntu.com/usn/usn-1439-1
• http://www.osvdb.org/81742
• https://bugs.launchpad.net/horizon/+bug/977944
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76136
• https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942
• https://lists.launchpad.net/openstack/msg10211.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2144
https://notcve.org/view.php?id=CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html
• http://secunia.com/advisories/49024
• http://secunia.com/advisories/49071
• http://ubuntu.com/usn/usn-1439-1
• http://www.openwall.com/lists/oss-security/2012/05/05/1
• http://www.osvdb.org/81741
• http://www.securityfocus.com/bid/53399
• https://bugs.launchpad.net/horizon/+bug/978896
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75423
• https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35