CVE-2014-0157
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0026 (0.3%)
Percentil: 49.8%
EPSS: 2026-05-06
Afecta
openstack:horizonopensuse:opensuseDescripción técnica
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.
Publicada: 15/4/2014, 14:55:04
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
- http://www.openwall.com/lists/oss-security/2014/04/08/8
- http://www.securityfocus.com/bid/66706
- https://launchpad.net/bugs/1289033
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
- http://www.openwall.com/lists/oss-security/2014/04/08/8
- http://www.securityfocus.com/bid/66706
- https://launchpad.net/bugs/1289033