Candidate: CVE-2014-8578
PublicDate: 2014-10-31 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8578
 http://www.openwall.com/lists/oss-security/2014/07/08/6
 https://ubuntu.com/security/notices/USN-2323-1
Description:
 Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack
 Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno
 before Juno-2 allows remote administrators to inject arbitrary web script
 or HTML via a user email address, a different vulnerability than
 CVE-2014-3475.
Ubuntu-Description:
Notes:
 jdstrand> Ubuntu 12.04 LTS not affected, introduced by:
  https://review.openstack.org/gitweb?p=openstack/horizon.git
Bugs:
 https://bugs.launchpad.net/horizon/+bug/1320235
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_horizon:
 upstream: https://review.openstack.org/105478 (havana)
 upstream: https://review.openstack.org/105477 (icehouse)
 upstream: https://review.openstack.org/105476 (juno)
upstream_horizon: released (2013.2.4,2014.1.2,2014.1.1-3)
lucid_horizon: DNE
precise_horizon: not-affected
trusty_horizon: released (1:2014.1.2-0ubuntu1.1)
trusty/esm_horizon: DNE (trusty was released [1:2014.1.2-0ubuntu1.1])
utopic_horizon: not-affected (1:2014.2~b2-0ubuntu1)
devel_horizon: not-affected