Horizon
by OpenStack
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0157 | | | 0.00 | — | 0.01 | | Apr 15, 2014 | Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat… |
| CVE-2013-6858 | | | 0.00 | — | 0.02 | | Nov 23, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. |
| CVE-2012-3542 | | | 0.00 | — | 0.02 | | Sep 5, 2012 | OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was… |
| CVE-2012-3540 | | | 0.00 | — | 0.03 | | Sep 5, 2012 | Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally… |
| CVE-2012-3426 | | | 0.00 | — | 0.02 | | Jul 31, 2012 | OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token… |
| CVE-2012-2144 | | | 0.00 | — | 0.02 | | Jun 5, 2012 | Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. |
| CVE-2012-2094 | | | 0.00 | — | 0.02 | | Jun 5, 2012 | Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. |
Page 2 of 2