CVE-2014-0157
Published: 15 April 2014
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.
Priority
Status
Package | Release | Status |
---|---|---|
horizon Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
(code-not-present)
|
|
quantal |
Not vulnerable
(code-not-present)
|
|
saucy |
Released
(1:2013.2.3-0ubuntu1.1)
|
|
trusty |
Does not exist
(trusty was not-affected [1:2014.1~rc2-0ubuntu1])
|
|
upstream |
Released
(2014.1)
|
|
Patches: upstream: https://review.openstack.org/86059 upstream: https://review.openstack.org/86056 |