Vulnerability CVE-2014-3594: Information

Description

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Severity: LOW (3.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3594
Published: Aug. 22, 2014
Modified: Feb. 13, 2023
Error type identifier: CWE-79

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
python-module-django-horizonc72014.1.2-alt29.1.0-alt0.M70C.2ALT-PU-2014-2144-1130465Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
69291
  • Third Party Advisory
  • VDB Entry
https://review.openstack.org/#/c/115311
  • Patch
  • Vendor Advisory
https://review.openstack.org/#/c/115310
  • Patch
  • Vendor Advisory
https://bugs.launchpad.net/horizon/+bug/1349491
  • Exploit
  • Issue Tracking
  • Third Party Advisory
[oss-security] 20140819 [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594)
  • Mailing List
  • Third Party Advisory
https://review.openstack.org/#/c/115313/
  • Patch
  • Vendor Advisory
RHSA-2014:1335
  • Broken Link
RHSA-2014:1336
  • Broken Link
openSUSE-SU-2015:0078
  • Mailing List
  • Third Party Advisory
openstack-horizon-cve20143594-xss(95378)
  • Third Party Advisory
  • VDB Entry

    1. Configuration 1

      cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*
      cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:*
      cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*
      Start including
      2013.2
      End excliding
      2013.2.4
      cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*
      Start including
      2014.1
      End excliding
      2014.1.2

      Configuration 2

      cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top