Lucene search

[email protected]CVE-2012-2094

HistoryJun 05, 2012 - 10:55 p.m.

CVE-2012-2094

2012-06-0522:55:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2094

cross-site scripting

xss

openstack dashboard

horizon

nvd

vulnerability

security

injection

web script

html

log viewer

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.

Affected configurations

NVD

Node

openstackhorizonMatch2012.1

openstackhorizonMatchfolsom-1

CPENameOperatorVersion
openstack:horizonopenstack horizoneq2012.1
openstack:horizonopenstack horizoneqfolsom-1

CPE	Name	Operator	Version
openstack:horizon	openstack horizon	eq	2012.1
openstack:horizon	openstack horizon	eq	folsom-1

References

lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html

secunia.com/advisories/49024

secunia.com/advisories/49071

ubuntu.com/usn/usn-1439-1

www.osvdb.org/81742

bugs.launchpad.net/horizon/+bug/977944

exchange.xforce.ibmcloud.com/vulnerabilities/76136

github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942

lists.launchpad.net/openstack/msg10211.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for CVE-2012-2094

fedora1 nessus2 openvas4 prion1 cvelist1 debiancve1 ubuntucve1 nvd1 github1 securityvulns2 ubuntu1