CVE-2013-6858: Cross-site Scripting in Horizon

CWE-79: Cross-site Scripting | 12 documents | 8 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.5% (top 34.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 23 | Latest update May 13

Description

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N | Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: openstack/horizon 2013.1, 2013.2

Also affects: Ubuntu Linux 12.10, 13.04, 13.10

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-q74p-53hj-4w6q: Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013 (2022-05-13)
CVEList: CVE-2013-6858: Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013 (2013-11-23)
OSV: CVE-2013-6858: Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013 (2013-11-23)

📋 Vendor Advisories (4)

Ubuntu: OpenStack Horizon vulnerability (2013-12-20)
Red Hat: openstack: horizon multiple XSS vulnerabilities. (2013-11-23)
Red Hat: Horizon: Nova strings persistent XSS (2013-11-03)
Debian: CVE-2013-6858: horizon - Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Hori... (2013)

💬 Community (4)

Bugzilla: CVE-2013-6858 python-django-horizon: OpenStack Horizon: Nova strings persistent XSS [epel-6] (2013-11-28)
Bugzilla: CVE-2013-6858 python-django-horizon: OpenStack Horizon: Nova strings persistent XSS [openstack-rdo] (2013-11-28)
Bugzilla: CVE-2013-6858 python-django-horizon: OpenStack Horizon: Nova strings persistent XSS [fedora-all] (2013-11-28)
Bugzilla: CVE-2013-6858 openstack: horizon multiple XSS vulnerabilities. (2013-11-25)