Your submission was sent successfully! Close

CVE-2015-3988

Published: 19 May 2015

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.

Priority

Medium

Status

Package Release Status
horizon
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (2015.1.1)
utopic Ignored
(reached end-of-life)
vivid Not vulnerable
(1:2015.1.1-0ubuntu1)
wily Not vulnerable
(2:8.0.0~b3-0ubuntu1)
Patches:
upstream: https://review.openstack.org/183659 (juno)
upstream: https://review.openstack.org/183656 (kilo)
upstream: https://review.openstack.org/179429 (liberty)