CVE-2014-0157: OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting
(updated )
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.
References
- access.redhat.com/errata/RHSA-2014:0581
- access.redhat.com/security/cve/CVE-2014-0157
- bugzilla.redhat.com/show_bug.cgi?id=1082858
- github.com/advisories/GHSA-cmg8-5c63-pg95
- launchpad.net/bugs/1289033
- nvd.nist.gov/vuln/detail/CVE-2014-0157
- opendev.org/openstack/horizon
- web.archive.org/web/20200228185211/http://www.securityfocus.com/bid/66706
Code Behaviors & Features
Detect and mitigate CVE-2014-0157 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →