CVE-2012-2094Cross-site Scripting in Horizon

CWE-79Cross-site Scripting9 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
1.3%
top 20.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Horizon
Timeline
PublishedJun 5
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDopenstack/horizon2012.1, folsom-1+1

🔴Vulnerability Details

4
OSV
OpenStack Horizon Cross-site scripting (XSS) vulnerability2022-05-17
GHSA
OpenStack Horizon Cross-site scripting (XSS) vulnerability2022-05-17
OSV
CVE-2012-2094: Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon2012-06-05
CVEList
CVE-2012-2094: Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon2012-06-05

📋Vendor Advisories

2
Ubuntu
Horizon vulnerabilities2012-05-07
Debian
CVE-2012-2094: horizon - Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log vie...2012

💬Community

2
Bugzilla
CVE-2012-2094 python-django-horizon: XSS vulnerability in Horizon log viewer2012-04-17
Bugzilla
CVE-2012-2094 python-django-horizon: XSS vulnerability in Horizon log viewer [fedora-17]2012-04-17
CVE-2012-2094 — Cross-site Scripting in Horizon | cvebase