CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0157

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.7%

CVSS Severity

CVSS v2 Score 4.3

References

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
http://www.openwall.com/lists/oss-security/2014/04/08/8
http://www.securityfocus.com/bid/66706
https://launchpad.net/bugs/1289033
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
http://www.openwall.com/lists/oss-security/2014/04/08/8
http://www.securityfocus.com/bid/66706
https://launchpad.net/bugs/1289033

Products affected by CVE-2014-0157

Openstack » Horizon » Version: 2013.2

cpe:2.3:a:openstack:horizon:2013.2
Openstack » Horizon » Version: 2013.2.1

cpe:2.3:a:openstack:horizon:2013.2.1
Openstack » Horizon » Version: 2013.2.2

cpe:2.3:a:openstack:horizon:2013.2.2
Openstack » Horizon » Version: 2013.2.3

cpe:2.3:a:openstack:horizon:2013.2.3
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0157

Products

Pricing

Contact Us