← Back

CVE-2017-7400

nvd nist
Published: Apr 3, 2017Modified: May 13, 2026

JSON object

Loading...
4.8
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD

Description

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

Affected (19)

Products: Openstack: Horizon
Openstack
1 product
Horizon
Configuration A
19 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Horizon
Version 10.0.0
Horizon
Version 10.0.0 b1
Horizon
Version 10.0.0 b2
Horizon
Version 10.0.0 b3
Horizon
Version 10.0.0 rc1
Horizon
Version 10.0.0 rc2
Horizon
Version 10.0.0 rc3
Horizon
Version 10.0.1
Horizon
Version 10.0.2
Horizon
Version 11.0.0
Horizon
Version 9.0.0
Horizon
Version 9.0.0 b1
Horizon
Version 9.0.0 b2
Horizon
Version 9.0.0 b3
Horizon
Version 9.0.0 rc1
Horizon
Version 9.0.0 rc2
Horizon
Version 9.0.1
Horizon
Version 9.1.0
Horizon
Version 9.1.1

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.