CVE-2015-3219

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:openstack:horizon:2014.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:2014.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:2015.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:2014.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:2014.2.3:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Information

Published : 2015-08-20 13:59

Updated : 2016-12-23 18:59


NVD link : CVE-2015-3219

Mitre link : CVE-2015-3219


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

openstack

  • horizon

oracle

  • solaris