CVE-2014-0157Cross-site Scripting in Horizon

CWE-79Cross-site Scripting11 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 50.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openstack HorizonOpensuse
Timeline
PublishedApr 15
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDopenstack/horizon4 versions+3

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

4
OSV
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting2022-05-14
GHSA
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting2022-05-14
OSV
CVE-2014-0157: Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 20132014-04-15
CVEList
CVE-2014-0157: Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 20132014-04-15

📋Vendor Advisories

3
Ubuntu
OpenStack Horizon vulnerability2014-05-06
Red Hat
openstack-horizon: XSS in Horizon orchestration dashboard when using a malicious template2014-04-08
Debian
CVE-2014-0157: horizon - Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard ...2014

💬Community

3
Bugzilla
CVE-2014-0157 python-django-horizon: OpenStack: XSS in Horizon orchestration dashboard when using a malicious template [fedora-all]2014-04-09
Bugzilla
CVE-2014-0157 python-django-horizon: OpenStack: XSS in Horizon orchestration dashboard when using a malicious template [epel-6]2014-04-09
Bugzilla
CVE-2014-0157 openstack-horizon: XSS in Horizon orchestration dashboard when using a malicious template2014-04-01
CVE-2014-0157 — Cross-site Scripting in Horizon | cvebase