CVE-2013-6858

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
openstackhorizon
2013.1 ≤
𝑥
≤ 2013.2
opensuseopensuse
13.1
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
canonicalubuntu_linux
13.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
horizon
bullseye
3:18.6.2-5+deb11u2
fixed
wheezy
not-affected
bookworm
3:23.0.0-5+deb12u1
fixed
sid
3:25.1.0-2
fixed
trixie
3:25.1.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
horizon
saucy
Fixed 1:2013.2-0ubuntu1.1
released
raring
Fixed 1:2013.1.4-0ubuntu1.1
released
quantal
Fixed 2012.2.4-0ubuntu1.1
released
precise
not-affected
lucid
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
http://secunia.com/advisories/55770
http://secunia.com/advisories/56117
http://www.securityfocus.com/bid/63787
http://www.ubuntu.com/usn/USN-2062-1
https://bugs.launchpad.net/horizon/+bug/1247675
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
http://secunia.com/advisories/55770
http://secunia.com/advisories/56117
http://www.securityfocus.com/bid/63787
http://www.ubuntu.com/usn/USN-2062-1
https://bugs.launchpad.net/horizon/+bug/1247675