CVE-2014-0157

Priority
Description
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration
dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and
icehouse before icehouse-rc2 allows remote attackers to inject arbitrary
web script or HTML via the description field of a Heat template.
Assigned-to
jdstrand
Notes
Package
Upstream:released (2014.1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1:2014.1~rc2-0ubuntu1])
Patches:
Upstream:https://review.openstack.org/86059 (icehouse)
Upstream:https://review.openstack.org/86056 (havana)
More Information

Updated: 2019-12-05 18:35:24 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)