[PKG-Openstack-devel] Bug#786741: horizon: CVE-2015-3988: Persistent XSS in Horizon metadata dashboard
Salvatore Bonaccorso
carnil at debian.org
Mon May 25 05:36:15 UTC 2015
Source: horizon
Version: 2015.1.0-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for horizon.
CVE-2015-3988[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack
| Dashboard (Horizon) 2015.1.0 allow remote authenticated users to
| inject arbitrary web script or HTML via the metadata to a (1) Glance
| image, (2) Nova flavor or (3) Host Aggregate.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3988
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Openstack-devel
mailing list