Lucene search

[email protected]CVE-2013-6858

HistoryNov 23, 2013 - 5:55 p.m.

CVE-2013-6858

2013-11-2317:55:03

CWE-79

[email protected]

web.nvd.nist.gov

openstack

horizon

xss

web security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) “Volumes” or (2) “Network Topology” page.

Affected configurations

NVD

Node

openstackhorizonRange2013.1–2013.2

Node

opensuseopensuseMatch13.1

Node

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

canonicalubuntu_linuxMatch13.10

CPENameOperatorVersion
openstack:horizonopenstack horizonle2013.2

CPE	Name	Operator	Version
openstack:horizon	openstack horizon	le	2013.2

References

lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

secunia.com/advisories/55770

secunia.com/advisories/56117

www.securityfocus.com/bid/63787

www.ubuntu.com/usn/USN-2062-1

bugs.launchpad.net/horizon/+bug/1247675

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.2%

JSON

Related for CVE-2013-6858

securityvulns2 nessus2 veracode1 redhat1 debiancve1 openvas2 ubuntu1 prion2 nvd2 cvelist1 ubuntucve1 cve1