Vulnerability Details CVE-2014-8578
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.8%
CVSS Severity
CVSS v2 Score 3.5
References
Products affected by CVE-2014-8578
-
cpe:2.3:a:openstack:horizon:10.0.0
-
cpe:2.3:a:openstack:horizon:10.0.1
-
cpe:2.3:a:openstack:horizon:10.0.2
-
cpe:2.3:a:openstack:horizon:11.0.0
-
cpe:2.3:a:openstack:horizon:11.0.1
-
cpe:2.3:a:openstack:horizon:11.0.2
-
cpe:2.3:a:openstack:horizon:11.0.3
-
cpe:2.3:a:openstack:horizon:11.0.4
-
cpe:2.3:a:openstack:horizon:12.0.0
-
cpe:2.3:a:openstack:horizon:12.0.1
-
cpe:2.3:a:openstack:horizon:12.0.2
-
cpe:2.3:a:openstack:horizon:12.0.3
-
cpe:2.3:a:openstack:horizon:12.0.4
-
cpe:2.3:a:openstack:horizon:13.0.0
-
cpe:2.3:a:openstack:horizon:13.0.1
-
cpe:2.3:a:openstack:horizon:13.0.2
-
cpe:2.3:a:openstack:horizon:13.0.3
-
cpe:2.3:a:openstack:horizon:14.0.0
-
cpe:2.3:a:openstack:horizon:14.0.1
-
cpe:2.3:a:openstack:horizon:14.0.2
-
cpe:2.3:a:openstack:horizon:14.0.3
-
cpe:2.3:a:openstack:horizon:14.0.4
-
cpe:2.3:a:openstack:horizon:14.1.0
-
cpe:2.3:a:openstack:horizon:15.0.0
-
cpe:2.3:a:openstack:horizon:15.1.0
-
cpe:2.3:a:openstack:horizon:15.1.1
-
cpe:2.3:a:openstack:horizon:15.2.0
-
cpe:2.3:a:openstack:horizon:15.3.0
-
cpe:2.3:a:openstack:horizon:15.3.1
-
cpe:2.3:a:openstack:horizon:15.3.2
-
cpe:2.3:a:openstack:horizon:16.1.0
-
cpe:2.3:a:openstack:horizon:16.2.0
-
cpe:2.3:a:openstack:horizon:16.2.1
-
cpe:2.3:a:openstack:horizon:17.0.0
-
cpe:2.3:a:openstack:horizon:17.1.0
-
cpe:2.3:a:openstack:horizon:18.0.0
-
cpe:2.3:a:openstack:horizon:18.1.0
-
cpe:2.3:a:openstack:horizon:18.2.0
-
cpe:2.3:a:openstack:horizon:18.3.0
-
cpe:2.3:a:openstack:horizon:18.3.1
-
cpe:2.3:a:openstack:horizon:18.3.2
-
cpe:2.3:a:openstack:horizon:18.3.3
-
cpe:2.3:a:openstack:horizon:18.4.0
-
cpe:2.3:a:openstack:horizon:18.4.1
-
cpe:2.3:a:openstack:horizon:18.5.0
-
cpe:2.3:a:openstack:horizon:18.6.0
-
cpe:2.3:a:openstack:horizon:18.6.1
-
cpe:2.3:a:openstack:horizon:18.6.2
-
cpe:2.3:a:openstack:horizon:19.0.0
-
cpe:2.3:a:openstack:horizon:2012.1
-
cpe:2.3:a:openstack:horizon:2012.1.1
-
cpe:2.3:a:openstack:horizon:2012.2
-
cpe:2.3:a:openstack:horizon:2013.1
-
cpe:2.3:a:openstack:horizon:2013.1.1
-
cpe:2.3:a:openstack:horizon:2013.2
-
cpe:2.3:a:openstack:horizon:2013.2.1
-
cpe:2.3:a:openstack:horizon:2013.2.2
-
cpe:2.3:a:openstack:horizon:2013.2.3
-
cpe:2.3:a:openstack:horizon:2013.2.4
-
cpe:2.3:a:openstack:horizon:2014.1
-
cpe:2.3:a:openstack:horizon:2014.1.1
-
cpe:2.3:a:openstack:horizon:2014.1.2
-
cpe:2.3:a:openstack:horizon:2014.1.3
-
cpe:2.3:a:openstack:horizon:2014.1.4
-
cpe:2.3:a:openstack:horizon:2014.1.5
-
cpe:2.3:a:openstack:horizon:2014.2.0
-
cpe:2.3:a:openstack:horizon:2014.2.1
-
cpe:2.3:a:openstack:horizon:2014.2.2
-
cpe:2.3:a:openstack:horizon:2014.2.3
-
cpe:2.3:a:openstack:horizon:2014.2.4
-
cpe:2.3:a:openstack:horizon:2015.1.0
-
cpe:2.3:a:openstack:horizon:2015.1.1
-
cpe:2.3:a:openstack:horizon:2015.1.2
-
cpe:2.3:a:openstack:horizon:2015.1.3
-
cpe:2.3:a:openstack:horizon:2015.1.4
-
cpe:2.3:a:openstack:horizon:8.0.0
-
cpe:2.3:a:openstack:horizon:8.0.1
-
cpe:2.3:a:openstack:horizon:8.0.2
-
cpe:2.3:a:openstack:horizon:9.0.0
-
cpe:2.3:a:openstack:horizon:9.0.1
-
cpe:2.3:a:openstack:horizon:9.1.0
-
cpe:2.3:a:openstack:horizon:9.1.1
-
cpe:2.3:a:openstack:horizon:folsom-1
-
cpe:2.3:a:openstack:horizon:folsom-3
-
cpe:2.3:a:openstack:horizon:juno-1