CVE-2013-6858

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

Reference

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
http://secunia.com/advisories/55770
http://secunia.com/advisories/56117
http://www.securityfocus.com/bid/63787
http://www.ubuntu.com/usn/USN-2062-1
https://bugs.launchpad.net/horizon/+bug/1247675

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-03-2021 - 14:50

Objavljeno

23-11-2013 - 17:55