CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3473

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.8%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2014-3473

Openstack » Horizon » Version: 2013.2

cpe:2.3:a:openstack:horizon:2013.2
Openstack » Horizon » Version: 2013.2.1

cpe:2.3:a:openstack:horizon:2013.2.1
Openstack » Horizon » Version: 2013.2.2

cpe:2.3:a:openstack:horizon:2013.2.2
Openstack » Horizon » Version: 2013.2.3

cpe:2.3:a:openstack:horizon:2013.2.3
Openstack » Horizon » Version: 2014.1

cpe:2.3:a:openstack:horizon:2014.1
Openstack » Horizon » Version: 2014.1.1

cpe:2.3:a:openstack:horizon:2014.1.1
Openstack » Horizon » Version: juno-1

cpe:2.3:a:openstack:horizon:juno-1
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3473

Products

Pricing

Contact Us