[PKG-Openstack-devel] Bug#786741: horizon: CVE-2015-3988: Persistent XSS in Horizon metadata dashboard

Salvatore Bonaccorso carnil at debian.org
Mon May 25 05:36:15 UTC 2015


Source: horizon
Version: 2015.1.0-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for horizon.

CVE-2015-3988[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack
| Dashboard (Horizon) 2015.1.0 allow remote authenticated users to
| inject arbitrary web script or HTML via the metadata to a (1) Glance
| image, (2) Nova flavor or (3) Host Aggregate.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3988

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



More information about the Openstack-devel mailing list