what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2014-3475

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.

Related Files

Red Hat Security Advisory 2014-1188-01
Posted Sep 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1188-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594
SHA-256 | 06a9c4363ca80ae7ee73bcafdc3503c6698bbfff7d64fb4ec71efe94fc24c35d
Ubuntu Security Notice USN-2323-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2323-1 - Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594
SHA-256 | af5d9eaa139a9915db9bda1859494977f366c015c3d6601bc6ac733e84f186a0
Red Hat Security Advisory 2014-0939-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475
SHA-256 | 13312916ca2068b863e545e519d448ced8d30583209b6ecc7061d6772b243f3c
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close