CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-5476
https://notcve.org/view.php?id=CVE-2012-5476
30 Dec 2019 — Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. En RHOS Essex Preview (versión 2012.2) del paquete del panel de control de OpenStack, el archivo /etc/quantum/quantum.conf es de tipo world readable y expone la contraseña de administrador y el valor del token. • https://access.redhat.com/security/cve/cve-2012-5476 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 187EXPL: 0CVE-2019-5527 – VMware Security Advisory 2019-0014
https://notcve.org/view.php?id=CVE-2019-5527
20 Sep 2019 — ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. ESXi, Workstation, Fusion, VMRC y Horizon Client contienen una vulnerabilidad uso de la memoria previamente liberada en el dispositivo de sonido virtual. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Importante con un puntaje bas... • https://www.vmware.com/security/advisories/VMSA-2019-0014.html • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5513 – VMware Security Advisory 2019-0003
https://notcve.org/view.php?id=CVE-2019-5513
15 Mar 2019 — VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address. VMware Horizon Connection Server (7.x anterior a la versión 7.8, 7.5.x anterior de 7.5.2, 6.x anterior de 6.2.8) contiene una vulnerabilidad de divulgación de información. La explotación con éxito de este problem... • https://www.vmware.com/security/advisories/VMSA-2019-0003.html •
CVSS: 4.8EPSS: 0%CPEs: 19EXPL: 0CVE-2017-7400 – python-django-horizon: XSS in federation mappings UI
https://notcve.org/view.php?id=CVE-2017-7400
03 Apr 2017 — OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. OpenStack Horizon 9.x a través de 9.1.1, 10.x en versiones hasta 10.0.2 y 11.0.0 permite a los administradores autenticados remotos realizar ataques XSS a través de una asignación de federación manipulada. A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to cond... • http://www.securityfocus.com/bid/97324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2016-4428 – python-django-horizon: XSS in client side template
https://notcve.org/view.php?id=CVE-2016-4428
22 Jun 2016 — Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. Vulnerabilidad de XSS en OpenStack Dashboard (Horizon) 8.0.1 y versiones anteriores y 9.0.0 hasta la versión 9.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario inyectando una plantilla AngularJS en un formulario del cu... • http://www.debian.org/security/2016/dsa-3617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2015-3219 – python-django-horizon: XSS in Heat stack creation
https://notcve.org/view.php?id=CVE-2015-3219
20 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. Vulnerabilidad de XSS en la sección Orchestration/Stack en OpenStack Dashboard (Horizon) 2014.2 en versiones anteriores a 2014.2.4 y 2015.1.x en versiones anteri... • http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3988 – python-django-horizon: persistent XSS in Horizon metadata dashboard
https://notcve.org/view.php?id=CVE-2015-3988
19 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. Múltiples vulnerabilidades de XSS en OpenStack Dashboard (Horizon) 2015.1.0 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de los metadatos en (1) una imagen Glance, (2) un sabor Nova o (3) Host Aggregate. A f... • http://rhn.redhat.com/errata/RHSA-2015-1679.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-8124 – python-django-horizon: denial of service via login page requests
https://notcve.org/view.php?id=CVE-2014-8124
12 Dec 2014 — OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. OpenStack Dashboard (Horizon) anterior a 2014.1.3 y 2014.2.x anterior a 2014.2.1 no maneja correctamente los archivos de sesiones cuando utiliza un motor de sesión db o memcached, lo que permite a atacantes remotos causar una denegación de se... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8578 – openstack-horizon: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2014-8578
31 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. Vulnerabilidad de XSS en el panel Groups en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a administradores remotos inyectar secuencias de comandos ... • http://www.openwall.com/lists/oss-security/2014/07/08/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 1CVE-2014-3594 – openstack-horizon: persistent XSS in Horizon Host Aggregates interface
https://notcve.org/view.php?id=CVE-2014-3594
21 Aug 2014 — Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name. Vulnerabilidad de XSS en la interfaz Host Aggregates en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbit... • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •