Your submission was sent successfully! Close

CVE-2014-0157

Published: 15 April 2014

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.

Priority

Medium

Status

Package Release Status
horizon
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(code-not-present)
quantal Not vulnerable
(code-not-present)
saucy
Released (1:2013.2.3-0ubuntu1.1)
trusty Does not exist
(trusty was not-affected [1:2014.1~rc2-0ubuntu1])
upstream
Released (2014.1)
Patches:
upstream: https://review.openstack.org/86059 (icehouse)
upstream: https://review.openstack.org/86056 (havana)