
CVE-2022-45582
https://notcve.org/view.php?id=CVE-2022-45582
22 Aug 2023 — Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter. • https://bugs.launchpad.net/horizon/+bug/1982676 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2020-29565 – python-django-horizon: dashboard allows open redirect
https://notcve.org/view.php?id=CVE-2020-29565
04 Dec 2020 — An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. • http://www.openwall.com/lists/oss-security/2020/12/08/2 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2012-5474
https://notcve.org/view.php?id=CVE-2012-5474
30 Dec 2019 — The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world-readable and exposes the secret key value. • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html • CWE-311: Missing Encryption of Sensitive Data

CVE-2012-5476
https://notcve.org/view.php?id=CVE-2012-5476
30 Dec 2019 — Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world-readable, which exposes the admin password and token value. • https://access.redhat.com/security/cve/cve-2012-5476 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2017-7400 – python-django-horizon: XSS in federation mappings UI
https://notcve.org/view.php?id=CVE-2017-7400
03 Apr 2017 — OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to cond... • http://www.securityfocus.com/bid/97324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-4428 – python-django-horizon: XSS in client side template
https://notcve.org/view.php?id=CVE-2016-4428
22 Jun 2016 — Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. • http://www.debian.org/security/2016/dsa-3617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-3219 – python-django-horizon: XSS in Heat stack creation
https://notcve.org/view.php?id=CVE-2015-3219
20 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. • http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-3988 – python-django-horizon: persistent XSS in Horizon metadata dashboard
https://notcve.org/view.php?id=CVE-2015-3988
19 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. A f... • http://rhn.redhat.com/errata/RHSA-2015-1679.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8124 – python-django-horizon: denial of service via login page requests
https://notcve.org/view.php?id=CVE-2014-8124
12 Dec 2014 — OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html • CWE-400: Uncontrolled Resource Consumption

CVE-2014-8578 – openstack-horizon: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2014-8578
31 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. • http://www.openwall.com/lists/oss-security/2014/07/08/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')