CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5513 – VMware Security Advisory 2019-0003
https://notcve.org/view.php?id=CVE-2019-5513
15 Mar 2019 — VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address. VMware Horizon Connection Server (7.x anterior a la versión 7.8, 7.5.x anterior de 7.5.2, 6.x anterior de 6.2.8) contiene una vulnerabilidad de divulgación de información. La explotación con éxito de este problem... • https://www.vmware.com/security/advisories/VMSA-2019-0003.html •
CVSS: 4.8EPSS: 0%CPEs: 19EXPL: 0CVE-2017-7400 – python-django-horizon: XSS in federation mappings UI
https://notcve.org/view.php?id=CVE-2017-7400
03 Apr 2017 — OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. OpenStack Horizon 9.x a través de 9.1.1, 10.x en versiones hasta 10.0.2 y 11.0.0 permite a los administradores autenticados remotos realizar ataques XSS a través de una asignación de federación manipulada. A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to cond... • http://www.securityfocus.com/bid/97324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2016-4428 – python-django-horizon: XSS in client side template
https://notcve.org/view.php?id=CVE-2016-4428
22 Jun 2016 — Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. Vulnerabilidad de XSS en OpenStack Dashboard (Horizon) 8.0.1 y versiones anteriores y 9.0.0 hasta la versión 9.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario inyectando una plantilla AngularJS en un formulario del cu... • http://www.debian.org/security/2016/dsa-3617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •