CVE-2014-3594: OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
(updated )
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
References
- access.redhat.com/errata/RHSA-2014:1188
- access.redhat.com/errata/RHSA-2014:1335
- access.redhat.com/errata/RHSA-2014:1336
- access.redhat.com/security/cve/CVE-2014-3594
- bugs.launchpad.net/horizon/+bug/1349491
- bugzilla.redhat.com/show_bug.cgi?id=1129774
- exchange.xforce.ibmcloud.com/vulnerabilities/95378
- github.com/advisories/GHSA-8g68-2hcj-h8vg
- github.com/openstack/horizon/commit/ba2c98aea0db0d03200c811b86b3efe8367f3905
- github.com/openstack/horizon/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b
- nvd.nist.gov/vuln/detail/CVE-2014-3594
- review.openstack.org/
- review.openstack.org/
- review.openstack.org/
Detect and mitigate CVE-2014-3594 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →