Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to the (1) "Volumes" or (2) "Network Topology" page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenStack | Horizon | >= 2013.1, <= 2013.2 |
| openSUSE | openSUSE | 13.1 |
| Canonical | Ubuntu Linux | 12.10 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/55770 (Third Party Advisory)
- http://secunia.com/advisories/56117 (Third Party Advisory)
- http://www.securityfocus.com/bid/63787 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-2062-1 (Third Party Advisory)
- https://bugs.launchpad.net/horizon/+bug/1247675 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2013-6858?
CVE-2013-6858 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" o...
How severe is CVE-2013-6858?
CVE-2013-6858 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-6858?
Check the references section above for vendor advisories and patch information. Affected products include: OpenStack Horizon, openSUSE openSUSE, Canonical Ubuntu Linux.