VDB
KO
MEDIUM 4.8

PYSEC-2026-821

OpenStack Horizon Cross-site Scripting (XSS)

Details

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / horizon
Introduced in: 9.0 Fixed in: 9.1.2
Fix pip install --upgrade 'horizon>=9.1.2'

References