PYSEC-2026-644

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2026-644.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-644
Aliases
Published
2026-07-02T14:13:23.115590Z
Modified
2026-07-06T08:00:38.246131329Z
Summary
OpenStack Horizon Cross-site scripting (XSS) vulnerability
Details

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

References

Affected packages

PyPI / horizon

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.0a0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2026-644.yaml"