CVE-2014-0157

Priority
Medium
Description
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration
dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and
icehouse before icehouse-rc2 allows remote attackers to inject arbitrary
web script or HTML via the description field of a Heat template.
References
Assigned-to
jdstrand
Package
Upstream:released (2014.1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (code-not-present)
Ubuntu 12.10 (Quantal Quetzal):not-affected (code-not-present)
Ubuntu 13.10 (Saucy Salamander):released (1:2013.2.3-0ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1:2014.1~rc2-0ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1:2014.1~rc2-0ubuntu1)
Patches:
Upstream:https://review.openstack.org/86059 (icehouse)
Upstream:https://review.openstack.org/86056 (havana)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-05-06 21:14:32 UTC (commit 8032)