Candidate: CVE-2015-3988
PublicDate: 2015-05-19 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3988
 http://www.openwall.com/lists/oss-security/2015/05/12/9
 http://lists.openstack.org/pipermail/openstack-announce/2015-May/000358.html
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.
Ubuntu-Description:
Notes:
 mdeslaur> will not be fixed before 14.10 goes EoL
Bugs:
 https://launchpad.net/bugs/1449260
Priority: medium
Discovered-by: Sunil Yadav
Assigned-to:
CVSS:

Patches_horizon:
 upstream: https://review.openstack.org/183659 (juno)
 upstream: https://review.openstack.org/183656 (kilo)
 upstream: https://review.openstack.org/179429 (liberty)
upstream_horizon: released (2015.1.1)
precise_horizon: not-affected (code not present)
trusty_horizon: not-affected (code not present)
trusty/esm_horizon: DNE (trusty was not-affected [code not present])
utopic_horizon: ignored (reached end-of-life)
vivid_horizon: not-affected (1:2015.1.1-0ubuntu1)
devel_horizon: not-affected (2:8.0.0~b3-0ubuntu1)