CVE-2015-3219

Published Aug 20, 2015

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openstack:horizon:2014.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84CFBFFA-AFD0-4734-87DE-49750BF73CDE"
          },
          {
            "criteria": "cpe:2.3:a:openstack:horizon:2014.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "779D1F72-063B-4971-8941-A275000F37E6"
          },
          {
            "criteria": "cpe:2.3:a:openstack:horizon:2014.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "309BE103-2695-452E-BA22-63D0D3A64840"
          },
          {
            "criteria": "cpe:2.3:a:openstack:horizon:2014.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DBBD189-70DE-495C-8CFA-CC76A17B7813"
          },
          {
            "criteria": "cpe:2.3:a:openstack:horizon:2015.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70952F8E-7283-42B0-861D-30B62BB0D115"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References