CVE-2013-6858

Published: Nov 23, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

Affected (5)

Products: Openstack: Horizon · Opensuse: Opensuse · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Horizon	From 2013.1 to 2013.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04
Canonical Ubuntu Linux	Version 13.10

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/55770

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/56117

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/63787

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2062-1

Source: cve@mitre.org

Third Party Advisory

https://bugs.launchpad.net/horizon/+bug/1247675

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html