CVE-2013-6858

Publication date 23 November 2013

Last updated 24 July 2024


Ubuntu priority

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

Read the notes from the security team

Status

Package Ubuntu Release Status
horizon 13.10 saucy
Fixed 1:2013.2-0ubuntu1.1
13.04 raring
Fixed 1:2013.1.4-0ubuntu1.1
12.10 quantal
Fixed 2012.2.4-0ubuntu1.1
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release

Notes


mdeslaur

OSSA 2013-036


jdstrand

this is the same as CVE-2013-6406

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
horizon