Red Hat Security Advisory 2014-0365-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A flaw was found in the way OpenStack Dashboard sanitized the Instance Name string. By embedding HTML tags in an Instance Name, a remote attacker could use this flaw to execute a script within a victim's browser, resulting in a cross-site scripting attack. Note that only setups using OpenStack Dashboard were affected.
29fc0fcdcb2c8addcf4972400ab3addbaec6c74335e19a5d866d45f3125815b8Ubuntu Security Notice 2062-1 - Chris Chapman discovered cross-site scripting (XSS) vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting (XSS) attacks against users viewing these pages in order to modify the contents or steal confidential data within the same domain.
3587fd5a41bc925c662426c88e64f0f511df7717a9ceb5a659c808d02f6918ff
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed