CVE-2012-2094

Published: 17 April 2012

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.

Priority

Medium

Status

Package Release Status
horizon
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
upstream: I89089155d1083332d02ae9039898227cbab42d07