CVE-2015-3988 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3988 Interim 1 10 2022-10-15T16:59:23Z current 2021-05-30T13:30:15Z 2022-10-15T16:59:23Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3988 Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-November/001689.html E-Mail link for SUSE-SU-2015:2064-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Cloud 2.0 SUSE Cloud 4 Dependencies SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3 openstack-dashboard openstack-dashboard-2014.2.4~a0~dev12-13.2 openstack-dashboard-8.0.2~a0~dev7-2.1 python-django_openstack_auth-1.1.7-11.3 python-horizon-2014.2.4~a0~dev12-13.2 python-horizon-8.0.2~a0~dev7-2.1 crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3 as a component of SUSE OpenStack Cloud 5 openstack-dashboard-2014.2.4~a0~dev12-13.2 as a component of SUSE OpenStack Cloud 5 python-django_openstack_auth-1.1.7-11.3 as a component of SUSE OpenStack Cloud 5 python-horizon-2014.2.4~a0~dev12-13.2 as a component of SUSE OpenStack Cloud 5 openstack-dashboard-8.0.2~a0~dev7-2.1 as a component of SUSE OpenStack Cloud 6 python-horizon-8.0.2~a0~dev7-2.1 as a component of SUSE OpenStack Cloud 6 openstack-dashboard as a component of SUSE Cloud 2.0 openstack-dashboard as a component of SUSE Cloud 4 Dependencies Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. CVE-2015-3988 SUSE OpenStack Cloud 5:crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3 SUSE OpenStack Cloud 5:openstack-dashboard-2014.2.4~a0~dev12-13.2 SUSE OpenStack Cloud 5:python-django_openstack_auth-1.1.7-11.3 SUSE OpenStack Cloud 5:python-horizon-2014.2.4~a0~dev12-13.2 SUSE OpenStack Cloud 6:openstack-dashboard-8.0.2~a0~dev7-2.1 SUSE OpenStack Cloud 6:python-horizon-8.0.2~a0~dev7-2.1 SUSE Cloud 2.0:openstack-dashboard SUSE Cloud 4 Dependencies:openstack-dashboard moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N