Cross-site Scripting (XSS) Affecting horizon package, versions <2012.1-3
Threat Intelligence
EPSS
0.31% (71st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN12-HORIZON-1547859
- published 5 Jun 2012
- disclosed 5 Jun 2012
How to fix?
Upgrade Debian:12 horizon to version 2012.1-3 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream horizon package and not the horizon package as distributed by Debian.
See How to fix? for Debian:12 relevant fixed versions and status.
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
References
- https://security-tracker.debian.org/tracker/CVE-2012-2094
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html
- https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942
- https://bugs.launchpad.net/horizon/+bug/977944
- https://lists.launchpad.net/openstack/msg10211.html
- http://ubuntu.com/usn/usn-1439-1
- http://secunia.com/advisories/49024
- http://secunia.com/advisories/49071
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-2094
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76136
- http://www.osvdb.org/81742
CVSS Scores
version 3.1