Описание
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2:8.0.0~b3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1:2014.1.5-0ubuntu1]] |
| precise | not-affected | code not present |
| trusty | not-affected | 1:2014.1.5-0ubuntu1 |
| trusty/esm | DNE | trusty was not-affected [1:2014.1.5-0ubuntu1] |
| upstream | released | 2015.1.1 |
| utopic | ignored | end of life |
| vivid | not-affected | 1:2015.1.1-0ubuntu1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack se ...
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
EPSS
4.3 Medium
CVSS2