Showing 1 - 3 of 3

CVE-2014-3474

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

Related Files

Red Hat Security Advisory 2014-1188-01: Posted Sep 15, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-1188-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.; tags | advisory, xss; systems | linux, redhat; advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594; SHA-256 | 06a9c4363ca80ae7ee73bcafdc3503c6698bbfff7d64fb4ec71efe94fc24c35d; Download | Favorite | View

Ubuntu Security Notice USN-2323-1: Posted Aug 21, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2323-1 - Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. Various other issues were also addressed.; tags | advisory, remote, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594; SHA-256 | af5d9eaa139a9915db9bda1859494977f366c015c3d6601bc6ac733e84f186a0; Download | Favorite | View

Red Hat Security Advisory 2014-0939-01: Posted Jul 24, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.; tags | advisory, xss; systems | linux, redhat; advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475; SHA-256 | 13312916ca2068b863e545e519d448ced8d30583209b6ecc7061d6772b243f3c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 213 files
indoushka 118 files
Ubuntu 88 files
Gentoo 33 files
Debian 25 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,890)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,777)
UNIX (9,440)
UnixWare (187)
Windows (6,676)
Other

CVE-2014-3474

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems