CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3474

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.2%

CVSS Severity

CVSS v2 Score 3.5

References

Products affected by CVE-2014-3474

Openstack » Horizon » Version: 2013.2

cpe:2.3:a:openstack:horizon:2013.2
Openstack » Horizon » Version: 2013.2.1

cpe:2.3:a:openstack:horizon:2013.2.1
Openstack » Horizon » Version: 2013.2.2

cpe:2.3:a:openstack:horizon:2013.2.2
Openstack » Horizon » Version: 2013.2.3

cpe:2.3:a:openstack:horizon:2013.2.3
Openstack » Horizon » Version: 2014.1

cpe:2.3:a:openstack:horizon:2014.1
Openstack » Horizon » Version: 2014.1.1

cpe:2.3:a:openstack:horizon:2014.1.1
Openstack » Horizon » Version: juno-1

cpe:2.3:a:openstack:horizon:juno-1
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3474

Products

Pricing

Contact Us