VYPR

Horizon

by OpenStack

pypi: horizon

Source repositories

CVEs (27)

  • CVE-2014-0157Apr 15, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat…

  • CVE-2013-6858Nov 23, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

  • CVE-2012-3542Sep 5, 2012
    risk 0.00cvss epss 0.02

    OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was…

  • CVE-2012-3540Sep 5, 2012
    risk 0.00cvss epss 0.03

    Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally…

  • CVE-2012-3426Jul 31, 2012
    risk 0.00cvss epss 0.02

    OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token…

  • CVE-2012-2144Jun 5, 2012
    risk 0.00cvss epss 0.02

    Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

  • CVE-2012-2094Jun 5, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.

Page 2 of 2