CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3594

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.6%

CVSS Severity

CVSS v2 Score 3.5

References

Products affected by CVE-2014-3594

Openstack » Horizon » Version: 2013.2

cpe:2.3:a:openstack:horizon:2013.2
Openstack » Horizon » Version: 2013.2.1

cpe:2.3:a:openstack:horizon:2013.2.1
Openstack » Horizon » Version: 2013.2.2

cpe:2.3:a:openstack:horizon:2013.2.2
Openstack » Horizon » Version: 2013.2.3

cpe:2.3:a:openstack:horizon:2013.2.3
Openstack » Horizon » Version: 2014.1

cpe:2.3:a:openstack:horizon:2014.1
Openstack » Horizon » Version: 2014.1.1

cpe:2.3:a:openstack:horizon:2014.1.1
Openstack » Horizon » Version: juno-1

cpe:2.3:a:openstack:horizon:juno-1
Openstack » Horizon » Version: juno-2

cpe:2.3:a:openstack:horizon:juno-2
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3594

Products

Pricing

Contact Us