CVE-2013-6858
Published: 23 November 2013
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2013-036 |
jdstrand | this is the same as CVE-2013-6406 |
Priority
Status
Package | Release | Status |
---|---|---|
horizon Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
(code-not-present)
|
|
quantal |
Released
(2012.2.4-0ubuntu1.1)
|
|
raring |
Released
(1:2013.1.4-0ubuntu1.1)
|
|
saucy |
Released
(1:2013.2-0ubuntu1.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: https://review.openstack.org/#/c/58465/ |