CVE-2015-3219: Cross-site Scripting in Horizon

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.4% (top 38.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 20
Latest update: May 17

Description

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: openstack/horizon (5 versions +4)
NVD: oracle/solaris 11.2

Also affects: Debian Linux 8.0

Patches

🔴 Vulnerability Details (4)

GHSA: OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability (2022-05-17)
OSV: OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability (2022-05-17)
CVEList: CVE-2015-3219: Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014 (2015-08-20)
OSV: CVE-2015-3219: Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014 (2015-08-20)

📋 Vendor Advisories (2)

Red Hat: python-django-horizon: XSS in Heat stack creation (2015-06-09)
Debian: CVE-2015-3219: horizon - Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in O... (2015)

💬 Community (2)

Bugzilla: CVE-2015-3219 python-django-horizon: XSS in Horizon Heat stack creation [fedora-all] (2015-06-11)
Bugzilla: CVE-2015-3219 python-django-horizon: XSS in Heat stack creation (2015-06-05)