PYSEC-2015-40

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2015-40.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2015-40
Aliases
Published
2015-08-20T20:59:00Z
Modified
2024-11-25T22:42:38.983705Z
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

References

Affected packages

PyPI / horizon

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.0a0