Showing 1 - 3 of 3

CVE-2014-3474

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

Related Files

Red Hat Security Advisory 2014-1188-01: Posted Sep 15, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-1188-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.; tags | advisory, xss; systems | linux, redhat; advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594; SHA-256 | 06a9c4363ca80ae7ee73bcafdc3503c6698bbfff7d64fb4ec71efe94fc24c35d; Download | Favorite | View

Ubuntu Security Notice USN-2323-1: Posted Aug 21, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2323-1 - Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. Various other issues were also addressed.; tags | advisory, remote, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594; SHA-256 | af5d9eaa139a9915db9bda1859494977f366c015c3d6601bc6ac733e84f186a0; Download | Favorite | View

Red Hat Security Advisory 2014-0939-01: Posted Jul 24, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.; tags | advisory, xss; systems | linux, redhat; advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475; SHA-256 | 13312916ca2068b863e545e519d448ced8d30583209b6ecc7061d6772b243f3c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 65 files
LiquidWorm 25 files
Debian 18 files
indoushka 15 files
Apple 10 files
Google Security Research 7 files
Gentoo 5 files
Emiliano Febbi 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,813)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,236)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,965)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2014-3474

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems