Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1yaGpqLWY2Z3EtNmd4Ms4AAcZb

Moderate CVSS: 5.3 EPSS: 0.00408% (0.60403 Percentile) EPSS:
Permalink JSON

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:horizon < 8.0.0a0 8.0.0a0
31 Dependent packages
90 Dependent repositories
39,367 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.1.0, 15.0.0, 15.1.0, 15.1.1, 15.2.0, 15.3.0, 15.3.1, 15.3.2, 16.0.0, 16.1.0, 16.2.0, 16.2.1, 16.2.2, 17.0.0, 17.1.0, 18.0.0, 18.1.0, 18.2.0, 18.3.0, 18.3.1, 18.3.2, 18.3.3, 18.3.4, 18.3.5, 18.4.0, 18.4.1, 18.5.0, 18.6.0, 18.6.1, 18.6.2, 18.6.3, 18.6.4, 19.0.0, 19.1.0, 19.2.0, 19.3.0, 19.4.0, 20.0.0, 20.1.0, 20.1.1, 20.1.2, 20.1.3, 20.1.4, 20.2.0, 21.0.0, 22.0.0, 22.1.0, 22.1.1, 22.2.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.1.1, 23.2.0, 23.3.0, 23.3.1, 23.4.0, 24.0.0, 24.0.1, 25.0.0, 25.1.0, 25.2.0, 25.3.0, 25.4.0

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

References:

Identifiers

GHSA-rhjj-f6gq-6gx2

CVE-2015-3219

Risk

Severity

Moderate

CVSS

CVSS Score: 5.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS

EPSS Percentage: 0.00408

EPSS Percentile: 0.60403

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/openstack/horizon

Date and time

Published

about 3 years ago

Updated

8 months ago

API

JSON