Vulnerabilities > Openstack > Horizon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2022-45582 | Open Redirect vulnerability in Openstack Horizon Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | 6.1 |
| 2020-12-04 | CVE-2020-29565 | Open Redirect vulnerability in multiple products An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. | 5.8 |
| 2019-12-30 | CVE-2012-5476 | Information Exposure vulnerability in multiple products Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | 2.1 |
| 2019-12-30 | CVE-2012-5474 | Missing Encryption of Sensitive Data vulnerability in multiple products The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | 2.1 |
| 2017-04-03 | CVE-2017-7400 | Cross-site Scripting vulnerability in Openstack Horizon OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | 3.5 |
| 2016-07-12 | CVE-2016-4428 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | 5.4 |
| 2015-08-20 | CVE-2015-3219 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. | 4.3 |
| 2015-05-19 | CVE-2015-3988 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | 3.5 |
| 2014-10-31 | CVE-2014-8578 | Cross-Site Scripting vulnerability in Openstack Horizon Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. | 3.5 |
| 2014-05-14 | CVE-2013-4471 | Improper Authentication vulnerability in Openstack Horizon 2013.1/2013.2 The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user. | 5.5 |