OpenStack Horizon: medium-risk vulnerabilities

DATE        CVE             VULNERABILITY TITLE                                                          RISK SCORE
(each entry: one header line, then the description, then the attack vector / complexity / affected vendors / CWE where the listing gives them)
2023-08-22  CVE-2022-45582  Open Redirect vulnerability in OpenStack Horizon                             6.1
    Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter.
    Attack vector: network | Complexity: low | Vendors: openstack | CWE-601
2020-12-04  CVE-2020-29565  Open Redirect vulnerability in multiple products                             5.8
    An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x.
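Both open-redirect entries above (CVE-2022-45582 and CVE-2020-29565) involve a success_url-style parameter that names where the dashboard sends the browser after an action. The Python below is an added example, not Horizon's code: it contrasts the kind of "must start with /" prefix check that still lets protocol-relative targets such as //evil.example through with a parser-based check that accepts only same-site paths or https URLs on an allowlisted host. The host dashboard.example.org, the function names and the /project/ fallback are assumptions for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption for this example: the dashboard is served from this host.
ALLOWED_HOSTS = {"dashboard.example.org"}


def naive_is_safe(url: str) -> bool:
    """A prefix check of the kind that leaves an open redirect.

    It rejects obvious absolute URLs, but "//evil.example" and
    "/\\evil.example" both start with "/" and browsers still treat them
    as a new host.
    """
    return url.startswith("/")


def is_safe_redirect(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only same-site paths or https URLs on an allowlisted host."""
    if not url:
        return False
    # Browsers strip or mangle control characters and whitespace before
    # parsing; rather than model that, refuse them outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    # Browsers treat "\" like "/" in the authority part, so normalise first.
    normalised = url.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:
        return False
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # Absolute or protocol-relative URL: the host must be ours (hostname
        # drops userinfo and port, so "ours@evil.example" fails) and the
        # scheme must not downgrade the session to plain http.
        return (parts.hostname in allowed_hosts
                and parts.scheme.lower() in ("https", ""))
    # No authority part: must be an absolute path on this site. "///evil"
    # parses with an empty netloc, so also refuse anything starting "//".
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_success_url(param: Optional[str], fallback: str = "/project/") -> str:
    """Pick the redirect target for a success_url-style parameter."""
    if param and is_safe_redirect(param):
        return param
    return fallback
```

In a Django application the same decision is available as django.utils.http.url_has_allowed_host_and_scheme(); the point of spelling it out here is which inputs the prefix check misses.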
2016-07-12  CVE-2016-4428   Cross-site Scripting vulnerability in multiple products                      5.4
    Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
    Attack vector: network | Complexity: low | Vendors: openstack, redhat, debian | CWE-79
2015-08-20  CVE-2015-3219   Cross-site Scripting vulnerability in multiple products                      4.3
    Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
2014-05-14  CVE-2013-4471   Improper Authentication vulnerability in OpenStack Horizon 2013.1/2013.2     5.5
    The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
    Attack vector: network | Complexity: low | Vendors: openstack | CWE-287
2013-11-23  CVE-2013-6858   Cross-site Scripting vulnerability in multiple products                      4.3
    Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) the "Volumes" or (2) the "Network Topology" page.
2012-07-31  CVE-2012-3426   Permissions, Privileges, and Access Controls vulnerability in OpenStack Essex, Horizon and Keystone   4.9
    OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
    Attack vector: network | Vendors: openstack | CWE-264
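The three bypasses listed for CVE-2012-3426 correspond to three checks a token validator has to make. The Python below is an added example and not Keystone's implementation: a token is rejected once its expiry passes, once its user is disabled, or if it was issued before the user's last password change, and a token obtained by presenting another token inherits the parent's expiry instead of a fresh lifetime, so chaining cannot extend a session indefinitely. The data classes, the password_changed_at field and the 24-hour lifetime are assumptions; scenario() walks through the three cases on constructed data.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional


@dataclass
class User:
    name: str
    enabled: bool
    password_changed_at: datetime  # assumption: recorded on every password change


@dataclass
class Token:
    token_id: str
    user: str
    issued_at: datetime
    expires_at: datetime


def is_token_valid(token: Token, user: User, now: datetime) -> bool:
    """Reject a token for each condition behind the three bypasses."""
    if token.user != user.name:
        return False
    if now >= token.expires_at:                       # hard expiry, never extended
        return False
    if not user.enabled:                              # (2) disabled account
        return False
    if token.issued_at < user.password_changed_at:    # (3) password changed after issue
        return False
    return True


def issue_token(user: User, now: datetime,
                lifetime: timedelta = timedelta(hours=24)) -> Token:
    """Issue a fresh token from a primary authentication (e.g. a password)."""
    return Token(secrets.token_hex(16), user.name, now, now + lifetime)


def reissue_from_token(parent: Token, user: User, now: datetime,
                       lifetime: timedelta = timedelta(hours=24)) -> Optional[Token]:
    """(1) Token chaining: a child token may not outlive its parent."""
    if not is_token_valid(parent, user, now):
        return None
    child = issue_token(user, now, lifetime)
    child.expires_at = min(child.expires_at, parent.expires_at)
    return child


def scenario() -> Dict[str, bool]:
    """Constructed walkthrough of the three cases; returns named outcomes."""
    t0 = datetime(2012, 4, 1, tzinfo=timezone.utc)
    alice = User("alice", True, t0 - timedelta(days=1))
    tok = issue_token(alice, t0)
    out = {}
    out["valid_within_lifetime"] = is_token_valid(tok, alice, t0 + timedelta(hours=1))
    out["rejected_after_expiry"] = not is_token_valid(tok, alice, t0 + timedelta(hours=25))
    # (1) chaining late in the parent's life yields a child with the parent's expiry
    child = reissue_from_token(tok, alice, t0 + timedelta(hours=23))
    out["chained_child_capped"] = child is not None and child.expires_at == tok.expires_at
    out["no_chaining_from_expired"] = reissue_from_token(tok, alice, t0 + timedelta(hours=25)) is None
    # (3) a password change invalidates tokens issued before it, not ones issued after
    alice.password_changed_at = t0 + timedelta(hours=2)
    out["old_token_dead_after_pw_change"] = not is_token_valid(tok, alice, t0 + timedelta(hours=3))
    fresh = issue_token(alice, t0 + timedelta(hours=3))
    out["fresh_token_ok_after_pw_change"] = is_token_valid(fresh, alice, t0 + timedelta(hours=4))
    # (2) disabling the account kills every token, however fresh
    alice.enabled = False
    out["token_dead_for_disabled_user"] = not is_token_valid(fresh, alice, t0 + timedelta(hours=4))
    return out
```

The checks against the user record (enabled flag, password change time) only work if the validator consults current user state on every request rather than trusting what was true at issue time, which is the design gap the three bypasses share.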
2012-06-05  CVE-2012-2144   Session Fixation vulnerability in OpenStack Horizon 2012.1/Folsom1           6.8
    Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
    Attack vector: network | Vendors: openstack
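For CVE-2012-2144 the defence is to issue a new session identifier at login instead of keeping whatever value the sessionid cookie already carried. The Python below is an added example built on a toy in-memory session store (not Horizon's or Django's code): run_fixation() plants an attacker-obtained session id into the victim's login and reports whether the attacker can then read the authenticated session, once with a login that keeps the id and once with one that rotates it. Names and the store's behaviour are assumptions for illustration.

```python
import secrets
from typing import Callable, Dict, Optional


class SessionStore:
    """Toy server-side session store keyed by the sessionid cookie value."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def get_or_create(self, cookie_sid: Optional[str]) -> str:
        # A cookie naming an existing session is honoured (this is what the
        # attacker relies on); anything else gets a fresh anonymous session.
        if cookie_sid in self._sessions:
            return cookie_sid
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        return sid

    def data(self, sid: str) -> Optional[dict]:
        return self._sessions.get(sid)

    def cycle_key(self, sid: str) -> str:
        """Move the session to a new identifier and retire the old one."""
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = self._sessions.pop(sid)
        return new_sid


def login_keeping_sid(store: SessionStore, cookie_sid: Optional[str], user: str) -> str:
    """Vulnerable pattern: authenticate into whatever session the cookie names."""
    sid = store.get_or_create(cookie_sid)
    store.data(sid)["user"] = user
    return sid


def login_rotating_sid(store: SessionStore, cookie_sid: Optional[str], user: str) -> str:
    """Fixed pattern: rotate the identifier before binding the user to it."""
    sid = store.get_or_create(cookie_sid)
    sid = store.cycle_key(sid)
    store.data(sid)["user"] = user
    return sid


LoginFn = Callable[[SessionStore, Optional[str], str], str]


def run_fixation(login: LoginFn) -> bool:
    """Simulate the attack; True means the attacker holds the victim's session."""
    store = SessionStore()
    attacker_sid = store.get_or_create(None)   # attacker obtains a valid anonymous sid
    login(store, attacker_sid, "victim")        # victim logs in with the planted cookie
    session = store.data(attacker_sid)          # attacker presents the sid they know
    return session is not None and session.get("user") == "victim"
```

Rotation has to happen at the privilege change itself (login, and ideally re-authentication or role change), not merely at session creation, since the attacker's planted id was itself a legitimately created session.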
2012-06-05  CVE-2012-2094   Cross-site Scripting vulnerability in OpenStack Horizon 2012.1/Folsom1       4.3
    Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
    Attack vector: network | Vendors: openstack | CWE-79