PublicDateAtUSN: 2014-04-15
Candidate: CVE-2014-0157
PublicDate: 2014-04-15 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0157
 https://launchpad.net/bugs/1289033
 http://www.openwall.com/lists/oss-security/2014/04/08/8
 https://ubuntu.com/security/notices/USN-2206-1
Description:
 Cross-site scripting (XSS) vulnerability in the Horizon Orchestration
 dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and
 icehouse before icehouse-rc2 allows remote attackers to inject arbitrary
 web script or HTML via the description field of a Heat template.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Cristian Fiorentino
Assigned-to: jdstrand
CVSS:

Patches_horizon:
 upstream: https://review.openstack.org/86059 (icehouse)
 upstream: https://review.openstack.org/86056 (havana)
upstream_horizon: released (2014.1)
lucid_horizon: DNE
precise_horizon: not-affected (code-not-present)
quantal_horizon: not-affected (code-not-present)
saucy_horizon: released (1:2013.2.3-0ubuntu1.1)
trusty_horizon: not-affected (1:2014.1~rc2-0ubuntu1)
trusty/esm_horizon: DNE (trusty was not-affected [1:2014.1~rc2-0ubuntu1])
devel_horizon: not-affected (1:2014.1~rc2-0ubuntu1)