Unrated severityNVD Advisory· Published May 19, 2015· Updated Jun 17, 2026
CVE-2015-3988
CVE-2015-3988
Description
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- osv-coords3 versionspkg:rpm/suse/crowbar-barclamp-nova_dashboard&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/python-django_openstack_auth&distro=SUSE%20OpenStack%20Cloud%205
< 1.9+git.1443622531.b2b2939-9.3+ 2 more
- (no CPE)range: < 1.9+git.1443622531.b2b2939-9.3
- (no CPE)range: < 2014.2.4~a0~dev12-13.2
- (no CPE)range: < 1.1.7-11.3
Patches
Vulnerability mechanics
References
6- www.openwall.com/lists/oss-security/2015/05/12/9nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2015/05/14/14nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/74666nvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-1679.htmlnvd
- security.openstack.org/ossa/OSSA-2015-009.htmlnvd
News mentions
0No linked articles in our index yet.