ALT-PU-2014-2144-1
Package python-module-django-horizon updated to version 2014.1.2-alt2 for branch c7 in task 130465.
Closed vulnerabilities
Published: 2014-08-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3594
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
Severity: LOW (3.5)
References:
- openSUSE-SU-2015:0078
- openSUSE-SU-2015:0078
- RHSA-2014:1335
- RHSA-2014:1335
- RHSA-2014:1336
- RHSA-2014:1336
- [oss-security] 20140819 [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594)
- [oss-security] 20140819 [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594)
- 69291
- 69291
- https://bugs.launchpad.net/horizon/+bug/1349491
- https://bugs.launchpad.net/horizon/+bug/1349491
- openstack-horizon-cve20143594-xss(95378)
- openstack-horizon-cve20143594-xss(95378)
- https://review.openstack.org/#/c/115310
- https://review.openstack.org/#/c/115310
- https://review.openstack.org/#/c/115311
- https://review.openstack.org/#/c/115311
- https://review.openstack.org/#/c/115313/
- https://review.openstack.org/#/c/115313/