Candidate: CVE-2017-7400
PublicDate: 2017-04-03 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7400
 https://launchpad.net/bugs/1667086
Description:
 OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows
 remote authenticated administrators to conduct XSS attacks via a crafted
 federation mapping.
Ubuntu-Description:
Notes:
 tyhicks> Requires admin privileges
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859559
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N [4.8 MEDIUM]

Patches_horizon:
upstream_horizon: released (3:10.0.1-1)
precise_horizon: ignored (reached end-of-life)
precise/esm_horizon: DNE (precise was needed)
trusty_horizon: not-affected (code not present)
trusty/esm_horizon: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_horizon: DNE
vivid/ubuntu-core_horizon: DNE
xenial_horizon: not-affected (2:9.1.2-0ubuntu1)
esm-infra/xenial_horizon: not-affected (2:9.1.2-0ubuntu1)
yakkety_horizon: ignored (reached end-of-life)
zesty_horizon: not-affected (3:11.0.1-0ubuntu1)
devel_horizon: not-affected (3:11.0.1-0ubuntu1)