|
Bug #977944: refreshing in log viewer interprets html and javascript
|
 CVE-2012-2094 |
|
OpenStack Dashboard (Horizon)
|
Fix released (unassigned)
|
|
Bug #978896: session fixation vulnerability
|
CVE-2012-2144 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Paul McMillan
|
|
Bug #997669: When adding ICMP rule, the type/code is being validated as from/to ports
|
CVE-2012-2094
CVE-2012-2144 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Tihomir Trifonov
|
|
Bug #1020555: Wrong 'Download CSV Summary' link
|
CVE-2012-3540 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Gabriel Hurley
|
|
Bug #1031291: TypeError when trying to delete an unnamed volume via dashboard
|
CVE-2012-3540 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Gabriel Hurley
|
|
Bug #1039077: [OSSA 2012-012] open redirect / phishing attack via "next" parameter
|
CVE-2012-3540 |
|
OpenStack Dashboard (Horizon)
|
Invalid (unassigned)
|
|
Bug #1057125: stable/essex horizon installs unusable version of glance
|
CVE-2012-3540 |
|
OpenStack Dashboard (Horizon)
|
Invalid by Brian Waldon
|
|
Bug #1177924: Use testr instead of nose as the unittest runner.
|
CVE-2016-0738 |
|
OpenStack Dashboard (Horizon)
|
Won't fix (unassigned)
|
|
Bug #1237989: user can update his password without knowing the old password
|
CVE-2013-4471 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Matthias Runge
|
|
Bug #1247675: [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon (CVE-2013-6858)
|
CVE-2013-6406
CVE-2013-6858 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Rob Raymond
|
|
Bug #1289033: [OSSA-2014-010] XSS in Horizon-Orchestration (CVE-2014-0157)
|
CVE-2014-0157 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Cristian Fiorentino
|
|
Bug #1308727: [OSSA 2014-023] XSS in Horizon Heat template - resource name (CVE-2014-3473)
|
CVE-2014-3473 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Julie Pichon
|
|
Bug #1320235: [OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475)
|
CVE-2014-3475
CVE-2014-8578 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Julie Pichon
|
|
Bug #1322197: [OSSA 2014-023] Persistent XSS in OpenStack Havana UI for Network Name (CVE-2014-3474)
|
CVE-2014-3474 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Julie Pichon
|
|
Bug #1349491: [OSSA 2014-027] Persistent XSS in the Host Aggregates interface (CVE-2014-3594)
|
CVE-2014-3594 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Julie Pichon
|
|
Bug #1394370: [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124)
|
CVE-2014-8124 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Eric Peterson
|
|
Bug #1453074: [OSSA 2015-010] help_text parameter of fields is vulnerable to arbitrary html injection (CVE-2015-3219)
|
CVE-2015-3219 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Lin Hua Cheng
|
|
Bug #1529836: Fix deprecated library function (os.popen()).
|
CVE-2016-0738 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Harshada Mangesh Kakad
|
|
Bug #1567673: [OSSA-2016-010] Possible client side template injection in horizon (CVE-2016-4428)
|
CVE-2016-4428 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Tristan Cacqueray
|
|
Bug #1606500: [OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)
|
CVE-2016-9185 |
|
OpenStack Dashboard (Horizon)
|
Invalid (unassigned)
|
|
Bug #1667086: [OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400)
|
CVE-2017-7400 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Richard Jones
|
|
Bug #1865026: [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)
|
CVE-2020-29565 |
|
OpenStack Dashboard (Horizon)
|
Fix released, assigned to Radomir Dopieralski
|
|
Bug #1940450: XSS The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.
|
CVE-2019-8331 |
|
OpenStack Dashboard (Horizon)
|
Invalid (unassigned)
|
