Bugzilla – Bug 852175
VUL-0: CVE-2013-6858: openstack-dashboard: Multiple cross-site scripting (XSS) vulnerabilities
Last modified: 2016-10-20 10:22:54 UTC
CVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to "Volumes" or "Network Topology" page.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1034153
http://secunia.com/advisories/55770
https://bugs.launchpad.net/horizon/+bug/1247675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6858
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6858
bugbot adjusting priority
Fix backported to Grizzly, currently in Cloud:OpenStack:Grizzly:Staging
*** Bug 853043 has been marked as a duplicate of this bug. ***
Meanwhile in Devel:Cloud:2.0:Staging, will submit to SP3:Update after mkcloud passed.
Was this ever submitted, Sascha?
The SWAMPID for this issue is 56890. This issue was rated as moderate. Please submit fixed packages until 2014-04-17. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
openstack-dashboard-branding-SLE needs to be mentioned in the patchinfo because we have new requires on a new provides in it
I think this one can be closed, since SUSE Cloud 2.0 is EOL.
This is an autogenerated message for OBS integration: This bug (852175) was mentioned in https://build.opensuse.org/request/show/265000 13.1 / openstack-dashboard
openSUSE-SU-2015:0078-1: An update that fixes 7 vulnerabilities is now available.
Category: security (moderate)
Bug References: 852175,869696,871855,885588,891815,908199
CVE References: CVE-2013-6858,CVE-2014-0157,CVE-2014-3473,CVE-2014-3474,CVE-2014-3475,CVE-2014-3594,CVE-2014-8124
Sources used:
openSUSE 13.1 (src): openstack-dashboard-2013.2.5.dev2.g9ee7273-4.1, python-django_openstack_auth-1.1.3-4.1