Openstack

Horizon

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-45582

  • EPSS 0.29%
  • Published 22.08.2023 19:16:30
  • Last modified 21.11.2024 07:29:27

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

6.1

CVE-2020-29565

Exploit
  • EPSS 0.71%
  • Published 04.12.2020 08:15:11
  • Last modified 21.11.2024 05:24:12

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon tha...

5.5

CVE-2012-5476

  • EPSS 0.15%
  • Published 30.12.2019 20:15:11
  • Last modified 21.11.2024 01:44:43

Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.

5.5

CVE-2012-5474

Exploit
  • EPSS 0.07%
  • Published 30.12.2019 20:15:11
  • Last modified 21.11.2024 01:44:43

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

4.8

CVE-2017-7400

  • EPSS 0.22%
  • Published 03.04.2017 14:59:00
  • Last modified 20.04.2025 01:37:25

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

5.4

CVE-2016-4428

  • EPSS 0.57%
  • Published 12.07.2016 19:59:03
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

4.3

CVE-2015-3219

Exploit
  • EPSS 0.41%
  • Published 20.08.2015 20:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parame...

3.5

CVE-2015-3988

  • EPSS 0.41%
  • Published 19.05.2015 18:59:08
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.

5

CVE-2014-8124

  • EPSS 0.78%
  • Published 12.12.2014 15:59:09
  • Last modified 12.04.2025 10:46:40

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests...

3.5

CVE-2014-3475

  • EPSS 0.36%
  • Published 31.10.2014 15:55:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user...