Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "openstack-dashboard", "binary_version": "1:2014.1.5-0ubuntu2.1" }, { "binary_name": "openstack-dashboard-ubuntu-theme", "binary_version": "1:2014.1.5-0ubuntu2.1" }, { "binary_name": "python-django-horizon", "binary_version": "1:2014.1.5-0ubuntu2.1" }, { "binary_name": "python-django-openstack", "binary_version": "1:2014.1.5-0ubuntu2.1" } ] }