[PKG-Openstack-devel] Bug#786741: horizon: CVE-2015-3988: Persistent XSS in Horizon metadata dashboard

Salvatore Bonaccorso carnil at debian.org
Mon May 25 07:59:17 UTC 2015


Hi

I have updated the severity to it due to "An authenticated user may
conduct a persistent XSS attack by setting a malicious metadata to a
Glance image, a Nova flavor or a Host Aggregate and tricking an
administrator to load the update metadata page. Once executed in a
legitimate context this attack may result in a privilege escalation.".

I'm not too familiar with horizon, so please correct me if you
disagree.

Regards,
Salvatore


