OpenStack Horizon Web Name HTML Injection Vulnerability (CVE-2014-3474)
Release date:
Updated on:
Affected Systems:
OpenStack OpenStack Dashboard (Horizon)
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68460
CVE (CAN) ID: CVE-2014-3474
OpenStack Dashboard (Horizon) is the OpenStack project that provides a web user interface to OpenStack services.
OpenStack Horizon does not properly filter user input, which results in an HTML injection vulnerability in its implementation. Attackers can exploit this vulnerability to run HTML or JavaScript code in the context of the affected site, and then steal cookie-based authentication credentials and change the website's appearance.
<* Source: Craig Lorentzen *>
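The class of flaw described above, shown as an added example that is not Horizon's code: a user-controlled name concatenated into markup unchanged, next to the same rendering with the name escaped for HTML text and attribute contexts. The function names and the sample names are constructed for illustration.

```javascript
// Added example, not Horizon's code. Function names and sample data are constructed.

// Escape the five characters that are significant in HTML text and
// in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the name is concatenated into markup unchanged.
function renderOptionUnsafe(item) {
  return '<li data-name="' + item.name + '">' + item.name + '</li>';
}

// Hardened pattern: the name is escaped in both the attribute and the text context.
function renderOptionSafe(item) {
  const name = escapeHtml(item.name);
  return '<li data-name="' + name + '">' + name + '</li>';
}

function renderList(list, renderItem) {
  return '<ul>' + list.map(renderItem).join('') + '</ul>';
}

// Count opening tags in rendered output. Anything beyond one <ul> plus one
// <li> per item means that data was interpreted as markup.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample: one ordinary name and one name carrying markup.
const items = [{ name: 'private-net' }, { name: 'net"><i>injected</i>' }];

const unsafeHtml = renderList(items, renderOptionUnsafe);
const safeHtml = renderList(items, renderOptionSafe);

console.log('unsafe:', countOpeningTags(unsafeHtml), unsafeHtml);
console.log('safe:  ', countOpeningTags(safeHtml), safeHtml);
```

The tag count doubles as a regression check: rendered output for N names should contain exactly N + 1 opening tags.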
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenStack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://lists.openstack.org/pipermail/openstack-announce/