CVE-2015-3219
Published Aug 20, 2015
Last updated 8 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:horizon:2014.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84CFBFFA-AFD0-4734-87DE-49750BF73CDE"
},
{
"criteria": "cpe:2.3:a:openstack:horizon:2014.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "779D1F72-063B-4971-8941-A275000F37E6"
},
{
"criteria": "cpe:2.3:a:openstack:horizon:2014.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "309BE103-2695-452E-BA22-63D0D3A64840"
},
{
"criteria": "cpe:2.3:a:openstack:horizon:2014.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DBBD189-70DE-495C-8CFA-CC76A17B7813"
},
{
"criteria": "cpe:2.3:a:openstack:horizon:2015.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70952F8E-7283-42B0-861D-30B62BB0D115"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB"
}
],
"operator": "OR"
}
]
}
]