exploitDog

CVE-2015-3219

Published: 09 Jun 2015
Source: redhat
CVSS2: 4.3

Description

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

A cross-site scripting (XSS) flaw was found in the Horizon orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-django-horizon | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-django-horizon | Not affected | | |
| Red Hat OpenStack Platform 4 | python-django-horizon | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | python-django-horizon | Fixed | RHSA-2015:1679 | 24.08.2015 |


Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1228534 (python-django-horizon: XSS in Heat stack creation)

4.3 Medium (CVSS2)

Related vulnerabilities

ubuntu
more than 10 years ago

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

nvd
more than 10 years ago

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

debian
more than 10 years ago

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack se ...

CVSS3: 6.1
github
more than 3 years ago

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
