OpenStack OpenStack Dashboard (Horizon) 2014.2.0

CPE Details

OpenStack OpenStack Dashboard (Horizon) 2014.2.0
openstack
horizon
2014.2.0
2014-12-15
13h07 +00:00
2014-12-15
18h57 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:horizon:2014.2.0:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

horizon

Version

2014.2.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-3219 2015-08-20 18h00 +00:00 Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
4.3
CVE-2014-8124 2014-12-12 14h00 +00:00 OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
5
CVE-2014-8578 2014-10-31 15h00 +00:00 Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
3.5