CVE-2014-8578

Priority
Description
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack
Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno
before Juno-2 allows remote administrators to inject arbitrary web script
or HTML via a user email address, a different vulnerability than
CVE-2014-3475.
Notes
jdstrandUbuntu 12.04 LTS not affected, introduced by:
https://review.openstack.org/gitweb?p=openstack/horizon.git
Package
Upstream:released (2013.2.4,2014.1.2,2014.1.1-3)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:2014.1.2-0ubuntu1.1])
Patches:
Upstream:https://review.openstack.org/105478 (havana)
Upstream:https://review.openstack.org/105477 (icehouse)
Upstream:https://review.openstack.org/105476 (juno)
More Information

Updated: 2020-09-10 03:13:01 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)