CVE-2014-3594

Published: Aug 22, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Affected (5)

Products: Openstack: Horizon · Opensuse: Opensuse

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Openstack Horizon	From 2013.2 to 2013.2.4
Openstack Horizon	From 2014.1 to 2014.1.2
Openstack Horizon	Version juno-1
Openstack Horizon	Version juno-2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (20)

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1335.html

Source: secalert@redhat.com

Broken Link

http://rhn.redhat.com/errata/RHSA-2014-1336.html

Source: secalert@redhat.com

Broken Link

http://seclists.org/oss-sec/2014/q3/413

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/69291

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/horizon/+bug/1349491

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95378

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://review.openstack.org/#/c/115310

Source: secalert@redhat.com

PatchVendor Advisory

https://review.openstack.org/#/c/115311

Source: secalert@redhat.com

PatchVendor Advisory

https://review.openstack.org/#/c/115313/

Source: secalert@redhat.com

PatchVendor Advisory

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1335.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://rhn.redhat.com/errata/RHSA-2014-1336.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://seclists.org/oss-sec/2014/q3/413

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/69291

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/horizon/+bug/1349491

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95378

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://review.openstack.org/#/c/115310

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://review.openstack.org/#/c/115311

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://review.openstack.org/#/c/115313/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.