Vulnerabilities (CVE)

Filtered by vendor Openstack Subscribe
Filtered by product Horizon
Total 22 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6858 3 Canonical, Openstack, Opensuse 3 Ubuntu Linux, Horizon, Opensuse 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
CVE-2012-3542 1 Openstack 2 Essex, Horizon 2024-02-28 4.3 MEDIUM N/A
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.