Medium severity4.8NVD Advisory· Published Apr 3, 2017· Updated Jun 17, 2026
CVE-2017-7400
CVE-2017-7400
Description
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
horizonPyPI | >= 9.0, < 9.1.2 | 9.1.2 |
horizonPyPI | >= 10.0, < 10.0.3 | 10.0.3 |
horizonPyPI | >= 11.0.0, < 11.0.1 | 11.0.1 |
Affected products
37cpe:2.3:a:openstack:horizon:10.0.0:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:openstack:horizon:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.0:b1:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.0:b2:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.0:b3:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.0.0:b1:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.0.0:b2:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.0.0:b3:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:horizon:9.1.1:*:*:*:*:*:*:*
- ghsa-coords18 versionspkg:pypi/horizonpkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-magnum-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207
>= 9.0, < 9.1.2+ 17 more
- (no CPE)range: >= 9.0, < 9.1.2
- (no CPE)range: < 7.0.4~a0~dev7-3.1
- (no CPE)range: < 7.0.4~a0~dev7-3.2
- (no CPE)range: < 9.1.5~a0~dev1-3.1
- (no CPE)range: < 9.1.5~a0~dev1-3.1
- (no CPE)range: < 10.0.4~a0~dev2-3.1
- (no CPE)range: < 13.0.1~a0~dev6-3.1
- (no CPE)range: < 13.0.1~a0~dev6-3.3
- (no CPE)range: < 7.0.4~a0~dev4-4.1
- (no CPE)range: < 7.0.4~a0~dev4-4.2
- (no CPE)range: < 10.0.2~a0~dev2-6.1
- (no CPE)range: < 10.0.2~a0~dev2-6.2
- (no CPE)range: < 3.1.2~a0~dev22-13.1
- (no CPE)range: < 3.1.2~a0~dev22-13.1
- (no CPE)range: < 3.0.1~a0~dev27-3.1
- (no CPE)range: < 3.0.1~a0~dev27-3.1
- (no CPE)range: < 14.0.6~a0~dev16-3.1
- (no CPE)range: < 14.0.6~a0~dev16-3.3
Patches
Vulnerability mechanics
References
10- www.securityfocus.com/bid/97324nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-47vp-44v9-rhgqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-7400ghsaADVISORY
- access.redhat.com/errata/RHSA-2017:1598nvdWEB
- access.redhat.com/errata/RHSA-2017:1739nvdWEB
- launchpad.net/bugs/1667086nvdWEB
- opendev.org/openstack/horizon/commit/1407cfe53144146b29679de21f28c952282043aeghsaWEB
- opendev.org/openstack/horizon/commit/511b325b45b6bd7a88bb6df1a4639b80d0121277ghsaWEB
- opendev.org/openstack/horizon/commit/a835dbfbaa2c70329c08d4b8429d49315dc6d651ghsaWEB
- opendev.org/openstack/horizon/commit/ce80bb6fec3cb0262728e7ae8b9d695cf832e5bfghsaWEB
News mentions
0No linked articles in our index yet.