Vulnerabilities > Openstack > Horizon > folsom.1

| Date | CVE | Vulnerability title | Description | Access vector | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2014-10-31 | CVE-2014-8578 | Cross-Site Scripting vulnerability in OpenStack Horizon | Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. | network | openstack | CWE-79 | 3.5 |
| 2012-07-31 | CVE-2012-3426 | Permissions, Privileges, and Access Controls vulnerability in OpenStack Essex, Horizon and Keystone | OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password. | network | openstack | CWE-264 | 4.9 |
| 2012-06-05 | CVE-2012-2144 | Unspecified vulnerability in OpenStack Horizon 2012.1/Folsom1 | Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. | network | openstack | | 6.8 |
| 2012-06-05 | CVE-2012-2094 | Cross-Site Scripting vulnerability in OpenStack Horizon 2012.1/Folsom1 | Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. | network | openstack | CWE-79 | 4.3 |