CVE-2014-3594 — Cross-site Scripting in Horizon
Severity
3.5LOWNVD
EPSS
0.6%
top 30.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 22
Latest updateMay 13
Description
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9
Affected Packages2 packages
Patches
🔴Vulnerability Details
4OSV▶
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface↗2022-05-13
GHSA▶
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface↗2022-05-13
OSV▶
CVE-2014-3594: Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013↗2014-08-22
CVEList▶
CVE-2014-3594: Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013↗2014-08-22