Moderate severity · NVD Advisory · Published Aug 20, 2015 · Updated Jun 17, 2026
CVE-2015-3219
Description
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| horizon (PyPI) | < 8.0.0a0 | 8.0.0a0 |
Affected products
- cpe:2.3:a:openstack:horizon:2014.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:2014.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:2014.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:2014.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:2015.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- ghsa-coords (4 versions):
  - pkg:pypi/horizon
  - pkg:rpm/suse/crowbar-barclamp-nova_dashboard&distro=SUSE%20OpenStack%20Cloud%205
  - pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%205
  - pkg:rpm/suse/python-django_openstack_auth&distro=SUSE%20OpenStack%20Cloud%205
- (no CPE) range: < 8.0.0a0
- (no CPE) range: < 1.9+git.1443622531.b2b2939-9.3
- (no CPE) range: < 2014.2.4~a0~dev12-13.2
- (no CPE) range: < 1.1.7-11.3
References
- lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html [nvd: Patch, Vendor Advisory, WEB]
- www.openwall.com/lists/oss-security/2015/06/09/7 [nvd: Patch, WEB]
- bugs.launchpad.net/horizon/+bug/1453074 [nvd: Exploit, Vendor Advisory, WEB]
- www.debian.org/security/2016/dsa-3617 [nvd: Third Party Advisory, WEB]
- www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html [nvd: Third Party Advisory, WEB]
- www.securityfocus.com/bid/75109 [nvd: Third Party Advisory]
- github.com/advisories/GHSA-rhjj-f6gq-6gx2 [ghsa: ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2015-3219 [ghsa: ADVISORY]
- rhn.redhat.com/errata/RHSA-2015-1679.html [nvd: WEB]
- github.com/openstack/horizon/commit/28d8f49786d6df297b2574514916fa782e941e09 [ghsa: WEB]
- github.com/openstack/horizon/commit/84da479739fbfff75d9492d00fd0ed1a31ea52b3 [ghsa: WEB]
- github.com/openstack/horizon/commit/dab92e7d2f576caea8f81c8e22a516fb45633794 [ghsa: WEB]
- github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2015-40.yaml [ghsa: WEB]