—
PYSEC-2012-32
Details
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / horizon
Introduced in:
0 Fixed in: 7f8c788aa70db98ac904f37fa4197fcabb802942 Fix
pip install --upgrade 'horizon>=7f8c788aa70db98ac904f37fa4197fcabb802942' References
- http://secunia.com/advisories/49024 [ADVISORY]
- https://bugs.launchpad.net/horizon/+bug/977944 [WEB]
- https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942 [FIX]
- https://lists.launchpad.net/openstack/msg10211.html [WEB]
- http://www.osvdb.org/81742 [WEB]
- http://secunia.com/advisories/49071 [ADVISORY]
- http://ubuntu.com/usn/usn-1439-1 [WEB]
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html [WEB]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76136 [WEB]
- https://github.com/advisories/GHSA-j772-hpmw-32rm [ADVISORY]