Vulnerability CVE-2014-3474

Vulnerability CVE-2014-3474

Published: 2014-10-31

Description:

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Opensuse -> Opensuse
Openstack -> Horizon
Novell -> Opensuse

References:

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

http://www.openwall.com/lists/oss-security/2014/07/08/6

http://www.securityfocus.com/bid/68460

https://bugs.launchpad.net/horizon/+bug/1322197

https://review.openstack.org/#/c/105477

Copyright 2024, cxsecurity.com