Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/924935?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "type": "deb", "namespace": "debian", "name": "horizon", "version": "3:25.3.0-3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3:25.7.1-1", "latest_non_vulnerable_version": "3:25.7.1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5291?format=api", "vulnerability_id": "VCID-1159-xhmc-5bc1", "summary": "Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3540.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3540.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.8327", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83202", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83231", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83256", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01906", "scoring_system": "epss", "scoring_elements": "0.83275", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3540" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1039077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/horizon/+bug/1039077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3540" }, { "reference_url": "http://secunia.com/advisories/50480", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50480" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196" }, { "reference_url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b" }, { "reference_url": "https://lists.launchpad.net/openstack/msg16278.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.launchpad.net/openstack/msg16278.html" }, { "reference_url": "https://lists.launchpad.net/openstack/msg16281.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.launchpad.net/openstack/msg16281.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/30/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/30/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/5" }, { "reference_url": "http://www.securityfocus.com/bid/55329", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/55329" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1565-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1565-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686050", "reference_id": "686050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=852246", "reference_id": "852246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852246" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3540", "reference_id": "CVE-2012-3540", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1380", "reference_id": "RHSA-2012:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1380" }, { "reference_url": "https://usn.ubuntu.com/1565-1/", "reference_id": "USN-1565-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1565-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924937?format=api", "purl": "pkg:deb/debian/horizon@2012.1.1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2012.1.1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3540", "PYSEC-2012-18" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1159-xhmc-5bc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5276?format=api", "vulnerability_id": "VCID-4kyr-d25r-eqeb", "summary": "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79963", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.7998", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.7996", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79907", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79913", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79951", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2094" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/977944", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/977944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2094" }, { "reference_url": "http://secunia.com/advisories/49024", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/49024" }, { "reference_url": "http://secunia.com/advisories/49071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/49071" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136" }, { "reference_url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942" }, { "reference_url": "https://github.com/openstack/horizon/commit/ab2e27522aaeb0268fcc121bd3eff5a4485f313c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/ab2e27522aaeb0268fcc121bd3eff5a4485f313c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2012-32.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2012-32.yaml" }, { "reference_url": "https://lists.launchpad.net/openstack/msg10211.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg10211.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2094", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2094" }, { "reference_url": "http://ubuntu.com/usn/usn-1439-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1439-1" }, { "reference_url": "http://www.osvdb.org/81742", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.osvdb.org/81742" }, { "reference_url": "https://github.com/advisories/GHSA-j772-hpmw-32rm", "reference_id": "GHSA-j772-hpmw-32rm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j772-hpmw-32rm" }, { "reference_url": "https://usn.ubuntu.com/1439-1/", "reference_id": "USN-1439-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1439-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924932?format=api", "purl": "pkg:deb/debian/horizon@2012.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2012.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2094", "GHSA-j772-hpmw-32rm", "PYSEC-2012-32" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kyr-d25r-eqeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5274?format=api", "vulnerability_id": "VCID-62pm-hxst-4ugn", "summary": "Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86435", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86364", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86423", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86394", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86392", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86375", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02937", "scoring_system": "epss", "scoring_elements": "0.86436", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2144" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/978896", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/978896" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2144" }, { "reference_url": "http://secunia.com/advisories/49024", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/49024" }, { "reference_url": "http://secunia.com/advisories/49071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/49071" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75423", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75423" }, { "reference_url": "https://github.com/openstack/horizon", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon" }, { "reference_url": "https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2012-33.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2012-33.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2144", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2144" }, { "reference_url": "https://web.archive.org/web/20200228173630/http://www.securityfocus.com/bid/53399", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228173630/http://www.securityfocus.com/bid/53399" }, { "reference_url": "http://ubuntu.com/usn/usn-1439-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1439-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/05/05/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/05/05/1" }, { "reference_url": "http://www.osvdb.org/81741", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.osvdb.org/81741" }, { "reference_url": "http://www.securityfocus.com/bid/53399", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/53399" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671604", "reference_id": "671604", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671604" }, { "reference_url": "https://github.com/advisories/GHSA-w7h9-8wr4-hwqh", "reference_id": "GHSA-w7h9-8wr4-hwqh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7h9-8wr4-hwqh" }, { "reference_url": "https://usn.ubuntu.com/1439-1/", "reference_id": "USN-1439-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1439-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924936?format=api", "purl": "pkg:deb/debian/horizon@2012.1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2012.1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2144", "GHSA-w7h9-8wr4-hwqh", "PYSEC-2012-33" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62pm-hxst-4ugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15426?format=api", "vulnerability_id": "VCID-7zwb-k8zj-r3az", "summary": "OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0581", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0581" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0157.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49908", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49891", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49901", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49853", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0157" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082858", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0157" }, { "reference_url": "https://launchpad.net/bugs/1289033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1289033" }, { "reference_url": "https://opendev.org/openstack/horizon", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon" }, { "reference_url": "https://web.archive.org/web/20200228185211/http://www.securityfocus.com/bid/66706", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228185211/http://www.securityfocus.com/bid/66706" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/04/08/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/04/08/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744019", "reference_id": "744019", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744019" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0157", "reference_id": "CVE-2014-0157", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0157" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0157", "reference_id": "CVE-2014-0157", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0157" }, { "reference_url": "https://github.com/advisories/GHSA-cmg8-5c63-pg95", "reference_id": "GHSA-cmg8-5c63-pg95", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmg8-5c63-pg95" }, { "reference_url": "https://usn.ubuntu.com/2206-1/", "reference_id": "USN-2206-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2206-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924942?format=api", "purl": "pkg:deb/debian/horizon@2013.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2013.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0157", "GHSA-cmg8-5c63-pg95" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7zwb-k8zj-r3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15843?format=api", "vulnerability_id": "VCID-9qpr-314b-xudu", "summary": "OpenStack Horizon Cross-site Scripting (XSS)\nOpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1598", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1739" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7400.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44959", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44929", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44936", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44935", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44883", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44941", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44927", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44838", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7400" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://launchpad.net/bugs/1667086", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1667086" }, { "reference_url": "https://opendev.org/openstack/horizon/commit/1407cfe53144146b29679de21f28c952282043ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon/commit/1407cfe53144146b29679de21f28c952282043ae" }, { "reference_url": "https://opendev.org/openstack/horizon/commit/511b325b45b6bd7a88bb6df1a4639b80d0121277", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon/commit/511b325b45b6bd7a88bb6df1a4639b80d0121277" }, { "reference_url": "https://opendev.org/openstack/horizon/commit/a835dbfbaa2c70329c08d4b8429d49315dc6d651", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon/commit/a835dbfbaa2c70329c08d4b8429d49315dc6d651" }, { "reference_url": "https://opendev.org/openstack/horizon/commit/ce80bb6fec3cb0262728e7ae8b9d695cf832e5bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon/commit/ce80bb6fec3cb0262728e7ae8b9d695cf832e5bf" }, { "reference_url": "http://www.securityfocus.com/bid/97324", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/97324" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439626", "reference_id": "1439626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439626" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859559", "reference_id": "859559", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859559" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.0:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.0:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.0:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:10.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:10.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:11.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:11.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:11.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.0:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.0:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.0:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7400", "reference_id": "CVE-2017-7400", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7400" }, { "reference_url": "https://github.com/advisories/GHSA-47vp-44v9-rhgq", "reference_id": "GHSA-47vp-44v9-rhgq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47vp-44v9-rhgq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924949?format=api", "purl": "pkg:deb/debian/horizon@3:10.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:10.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7400", "GHSA-47vp-44v9-rhgq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpr-314b-xudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85689?format=api", "vulnerability_id": "VCID-bd6x-wp7d-8fdj", "summary": "python-django-horizon: persistent XSS in Horizon metadata dashboard", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57588", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57672", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57694", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57669", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57723", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57726", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57742", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5772", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57701", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222871", "reference_id": "1222871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222871" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786741", "reference_id": "786741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1679", "reference_id": "RHSA-2015:1679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924947?format=api", "purl": "pkg:deb/debian/horizon@2015.1.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2015.1.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3988" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bd6x-wp7d-8fdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6211?format=api", "vulnerability_id": "VCID-bz2p-kcg8-nuc6", "summary": "An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the \"next\" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29565.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29565.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72167", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72212", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72226", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72243", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72219", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72207", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72193", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.7217", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29565" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1865026", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/1865026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29565" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/horizon", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon" }, { "reference_url": "https://github.com/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa" }, { "reference_url": "https://github.com/openstack/horizon/commit/6c208edf323ced07b15ec4bc3879bddb91d398bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/6c208edf323ced07b15ec4bc3879bddb91d398bc" }, { "reference_url": "https://github.com/openstack/horizon/commit/9e0e333ab5277b6c396f602862ff90398cb0242b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/9e0e333ab5277b6c396f602862ff90398cb0242b" }, { "reference_url": "https://github.com/openstack/horizon/commit/baa370f84332ad41502daea29a551705696f4421", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/baa370f84332ad41502daea29a551705696f4421" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2020-45.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2020-45.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29565", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29565" }, { "reference_url": "https://review.opendev.org/c/openstack/horizon/+/758841", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/horizon/+/758841" }, { "reference_url": "https://review.opendev.org/c/openstack/horizon/+/758841/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.opendev.org/c/openstack/horizon/+/758841/" }, { "reference_url": "https://review.opendev.org/c/openstack/horizon/+/758843", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/horizon/+/758843" }, { "reference_url": "https://review.opendev.org/c/openstack/horizon/+/758843/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.opendev.org/c/openstack/horizon/+/758843/" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-008.html" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4820", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4820" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/08/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/12/08/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811510", "reference_id": "1811510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811510" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976872", "reference_id": "976872", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976872" }, { "reference_url": "https://github.com/advisories/GHSA-f8fh-xp28-q59m", "reference_id": "GHSA-f8fh-xp28-q59m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f8fh-xp28-q59m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5411", "reference_id": "RHSA-2020:5411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5572", "reference_id": "RHSA-2020:5572", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5572" }, { "reference_url": "https://usn.ubuntu.com/4675-1/", "reference_id": "USN-4675-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4675-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924950?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-29565", "GHSA-f8fh-xp28-q59m", "PYSEC-2020-45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz2p-kcg8-nuc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15172?format=api", "vulnerability_id": "VCID-dsg5-s5y9-nbe3", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0939", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1188", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1188" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3473.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60698", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60738", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60577", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60652", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.6068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60649", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60713", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60725", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3473" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1308727", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/1308727" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3473" }, { "reference_url": "https://github.com/openstack/horizon/commit/c844bd692894353c60b320005b804970605e910f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/c844bd692894353c60b320005b804970605e910f" }, { "reference_url": "https://github.com/openstack/horizon/commit/de4466d88b816437fb29eff5ab23b9b964cd3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/de4466d88b816437fb29eff5ab23b9b964cd3985" }, { "reference_url": "https://opendev.org/openstack/horizon", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/08/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "reference_url": "http://www.securityfocus.com/bid/68459", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/68459" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754255", "reference_id": "754255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754255" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3473", "reference_id": "CVE-2014-3473", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3473" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3473", "reference_id": "CVE-2014-3473", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3473" }, { "reference_url": "https://github.com/advisories/GHSA-8vwv-2v7v-jmgr", "reference_id": "GHSA-8vwv-2v7v-jmgr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vwv-2v7v-jmgr" }, { "reference_url": "https://usn.ubuntu.com/2323-1/", "reference_id": "USN-2323-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2323-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924943?format=api", "purl": "pkg:deb/debian/horizon@2014.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2014.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3473", "GHSA-8vwv-2v7v-jmgr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsg5-s5y9-nbe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86468?format=api", "vulnerability_id": "VCID-e8ck-eteq-7kb3", "summary": "openstack: horizon multiple XSS vulnerabilities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6858.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64899", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64976", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64939", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64989", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65003", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65021", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.6501", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64983", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1034153", "reference_id": "1034153", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1034153" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730752", "reference_id": "730752", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0365", "reference_id": "RHSA-2014:0365", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0365" }, { "reference_url": "https://usn.ubuntu.com/2062-1/", "reference_id": "USN-2062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924941?format=api", "purl": "pkg:deb/debian/horizon@2013.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2013.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6858" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ck-eteq-7kb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85773?format=api", "vulnerability_id": "VCID-g2c2-v9pm-wyc3", "summary": "dashboard: log file arbitrary file retrieval", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0271.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41933", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42022", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42009", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.4198", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193638", "reference_id": "1193638", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0645", "reference_id": "RHSA-2015:0645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0840", "reference_id": "RHSA-2015:0840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0841", "reference_id": "RHSA-2015:0841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924939?format=api", "purl": "pkg:deb/debian/horizon@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0271" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2c2-v9pm-wyc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10931?format=api", "vulnerability_id": "VCID-jg5v-wx6x-g3ah", "summary": "Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52092", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52107", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52072", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52075", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52055", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45582" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1982676", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/1982676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45582", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45582" }, { "reference_url": "https://github.com/openstack/horizon", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon" }, { "reference_url": "https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2023-153.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2023-153.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00000.html" }, { "reference_url": "https://opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45582", "reference_id": "CVE-2022-45582", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45582" }, { "reference_url": "https://github.com/advisories/GHSA-5pv6-rprw-82wv", "reference_id": "GHSA-5pv6-rprw-82wv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pv6-rprw-82wv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924951?format=api", "purl": "pkg:deb/debian/horizon@3:23.1.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.1.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-45582", "GHSA-5pv6-rprw-82wv", "PYSEC-2023-153" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jg5v-wx6x-g3ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86031?format=api", "vulnerability_id": "VCID-kvy8-9dgv-nuc1", "summary": "python-django-horizon: denial of service via login page requests", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0839.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-0839.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0845.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-0845.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8124.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8124.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74531", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74484", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74488", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74514", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74521", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74536", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0083", "scoring_system": "epss", "scoring_elements": "0.74538", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8124" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1394370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/horizon/+bug/1394370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8124" }, { "reference_url": "http://secunia.com/advisories/61186", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61186" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169637", "reference_id": "1169637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169637" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772710", "reference_id": "772710", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772710" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8124", "reference_id": "CVE-2014-8124", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0839", "reference_id": "RHSA-2015:0839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0845", "reference_id": "RHSA-2015:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0845" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924945?format=api", "purl": "pkg:deb/debian/horizon@2014.1.3-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2014.1.3-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8124" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvy8-9dgv-nuc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86214?format=api", "vulnerability_id": "VCID-n2fx-xctw-r7fr", "summary": "openstack-horizon: multiple XSS flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8578.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8578.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.5479", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.5471", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54779", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54818", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54829", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54812", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8578" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1320235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8578", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8578" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/08/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "reference_url": "http://www.securityfocus.com/bid/68456", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68456" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8578", "reference_id": "CVE-2014-8578", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8578" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924943?format=api", "purl": "pkg:deb/debian/horizon@2014.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2014.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8578" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2fx-xctw-r7fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92416?format=api", "vulnerability_id": "VCID-prw2-h932-67d3", "summary": "The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20762", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20683", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2076", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20743", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924938?format=api", "purl": "pkg:deb/debian/horizon@2012.1.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2012.1.1-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5474" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-prw2-h932-67d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15071?format=api", "vulnerability_id": "VCID-rc85-fmv7-6fh8", "summary": "OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface\nCross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1335.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1335.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1336.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1336.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1188", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1335", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1336", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3594.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3594.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69535", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69547", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69563", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69541", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69592", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69608", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69631", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69615", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3594" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1349491", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/1349491" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129774", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3594", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3594" }, { "reference_url": "http://seclists.org/oss-sec/2014/q3/413", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q3/413" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95378", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95378" }, { "reference_url": "https://github.com/openstack/horizon/commit/ba2c98aea0db0d03200c811b86b3efe8367f3905", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/ba2c98aea0db0d03200c811b86b3efe8367f3905" }, { "reference_url": "https://github.com/openstack/horizon/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b" }, { "reference_url": "https://review.openstack.org/#/c/115310", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/115310" }, { "reference_url": "https://review.openstack.org/#/c/115311", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/115311" }, { "reference_url": "https://review.openstack.org/#/c/115313", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/115313" }, { "reference_url": "https://review.openstack.org/#/c/115313/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/115313/" }, { "reference_url": "http://www.securityfocus.com/bid/69291", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/69291" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758930", "reference_id": "758930", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758930" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3594", "reference_id": "CVE-2014-3594", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3594" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3594", "reference_id": "CVE-2014-3594", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3594" }, { "reference_url": "https://github.com/advisories/GHSA-8g68-2hcj-h8vg", "reference_id": "GHSA-8g68-2hcj-h8vg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8g68-2hcj-h8vg" }, { "reference_url": "https://usn.ubuntu.com/2323-1/", "reference_id": "USN-2323-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2323-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924944?format=api", "purl": "pkg:deb/debian/horizon@2014.1.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2014.1.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3594", "GHSA-8g68-2hcj-h8vg" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc85-fmv7-6fh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6948?format=api", "vulnerability_id": "VCID-ryy7-2bu5-gbaf", "summary": "Credentials Management\nThe Identity v3 API in OpenStack Dashboard (Horizon) does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4471.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39665", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39813", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39836", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39812", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39826", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39835", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39799", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39783", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4471" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1237989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/horizon/+bug/1237989" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023586", "reference_id": "1023586", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023586" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924940?format=api", "purl": "pkg:deb/debian/horizon@2013.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2013.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4471" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryy7-2bu5-gbaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14669?format=api", "vulnerability_id": "VCID-t697-h44p-k3hq", "summary": "OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability\nCross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1268", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1269", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1270", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1270" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1271", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1272", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1272" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4428.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4428.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68525", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68592", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68634", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68591", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.6854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68562", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68544", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4428" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1567673", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/1567673" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343982", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/horizon/commit/62b4e6f30a7ae7961805abdffdb3c7ae5c2b676a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/62b4e6f30a7ae7961805abdffdb3c7ae5c2b676a" }, { "reference_url": "https://github.com/openstack/horizon/commit/d585e5eb9acf92d10d39b6c2038917a7e8ac71bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/d585e5eb9acf92d10d39b6c2038917a7e8ac71bb" }, { "reference_url": "https://github.com/openstack/horizon/commit/fc8d70560401f3985e5672a4c580f10d51e985a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/fc8d70560401f3985e5672a4c580f10d51e985a4" }, { "reference_url": "https://review.openstack.org/329996", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/329996" }, { "reference_url": "https://review.openstack.org/329997", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/329997" }, { "reference_url": "https://review.openstack.org/329998", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/329998" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-010.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3617", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/17/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/17/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828967", "reference_id": "828967", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828967" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-4428", "reference_id": "CVE-2016-4428", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-4428" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4428", "reference_id": "CVE-2016-4428", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4428" }, { "reference_url": "https://github.com/advisories/GHSA-grm6-x6mr-q3cv", "reference_id": "GHSA-grm6-x6mr-q3cv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grm6-x6mr-q3cv" }, { "reference_url": "https://usn.ubuntu.com/3447-1/", "reference_id": "USN-3447-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3447-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924948?format=api", "purl": "pkg:deb/debian/horizon@3:9.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:9.0.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4428", "GHSA-grm6-x6mr-q3cv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t697-h44p-k3hq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86213?format=api", "vulnerability_id": "VCID-tngh-mgyc-xka4", "summary": "openstack-horizon: multiple XSS flaws", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3475.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58132", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58106", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58127", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58156", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5816", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58152", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3475" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1320235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/08/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "reference_url": "http://www.securityfocus.com/bid/68456", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68456" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754255", "reference_id": "754255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754255" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3475", "reference_id": "CVE-2014-3475", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3475" }, { "reference_url": "https://usn.ubuntu.com/2323-1/", "reference_id": "USN-2323-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2323-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924943?format=api", "purl": "pkg:deb/debian/horizon@2014.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2014.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3475" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tngh-mgyc-xka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142002?format=api", "vulnerability_id": "VCID-uam9-tmby-wye7", "summary": "Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34885", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3511", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3499", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35034", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35062", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35066", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3503", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35007", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924939?format=api", "purl": "pkg:deb/debian/horizon@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5476" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uam9-tmby-wye7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5482?format=api", "vulnerability_id": "VCID-xpdp-h35e-m3cz", "summary": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3219.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61196", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61152", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.6118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61145", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61194", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61215", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3219" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1453074", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/1453074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428" }, { "reference_url": "https://github.com/openstack/horizon", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon" }, { "reference_url": "https://github.com/openstack/horizon/commit/28d8f49786d6df297b2574514916fa782e941e09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/28d8f49786d6df297b2574514916fa782e941e09" }, { "reference_url": "https://github.com/openstack/horizon/commit/84da479739fbfff75d9492d00fd0ed1a31ea52b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/84da479739fbfff75d9492d00fd0ed1a31ea52b3" }, { "reference_url": "https://github.com/openstack/horizon/commit/dab92e7d2f576caea8f81c8e22a516fb45633794", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/dab92e7d2f576caea8f81c8e22a516fb45633794" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2015-40.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2015-40.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3219" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3617", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/06/09/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/06/09/7" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "reference_url": "http://www.securityfocus.com/bid/75109", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/75109" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228534", "reference_id": "1228534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228534" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788306", "reference_id": "788306", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788306" }, { "reference_url": "https://github.com/advisories/GHSA-rhjj-f6gq-6gx2", "reference_id": "GHSA-rhjj-f6gq-6gx2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rhjj-f6gq-6gx2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1679", "reference_id": "RHSA-2015:1679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924946?format=api", "purl": "pkg:deb/debian/horizon@2015.1.0%2B2015.06.09.git15.e63af6c598-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2015.1.0%252B2015.06.09.git15.e63af6c598-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3219", "GHSA-rhjj-f6gq-6gx2", "PYSEC-2015-40" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpdp-h35e-m3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79522?format=api", "vulnerability_id": "VCID-y6r1-kubt-pudv", "summary": "OpenStack: Horizon session cookies are not flagged HttpOnly", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1655.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1655.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41055", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41137", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41094", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4112", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1655" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075681", "reference_id": "2075681", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8856", "reference_id": "RHSA-2022:8856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924939?format=api", "purl": "pkg:deb/debian/horizon@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-1655" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6r1-kubt-pudv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15213?format=api", "vulnerability_id": "VCID-zxjy-82n2-mkdb", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0939", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1188", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1188" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3474.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53539", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53561", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53588", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53556", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53606", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53634", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3474" }, { "reference_url": "https://bugs.launchpad.net/horizon/+bug/1322197", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/horizon/+bug/1322197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474" }, { "reference_url": "https://github.com/openstack/horizon/commit/32a7b713468161282f2ea01d5e2faff980d924cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/32a7b713468161282f2ea01d5e2faff980d924cd" }, { "reference_url": "https://github.com/openstack/horizon/commit/c844bd692894353c60b320005b804970605e910f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/c844bd692894353c60b320005b804970605e910f" }, { "reference_url": "https://github.com/openstack/horizon/commit/de4466d88b816437fb29eff5ab23b9b964cd3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/horizon/commit/de4466d88b816437fb29eff5ab23b9b964cd3985" }, { "reference_url": "https://opendev.org/openstack/horizon", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/horizon" }, { "reference_url": "https://review.opendev.org/c/openstack/horizon/+/105476", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/horizon/+/105476" }, { "reference_url": "https://review.openstack.org/#/c/105477", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/105477" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/08/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "reference_url": "http://www.securityfocus.com/bid/68460", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/68460" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754255", "reference_id": "754255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754255" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3474", "reference_id": "CVE-2014-3474", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3474" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3474", "reference_id": "CVE-2014-3474", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3474" }, { "reference_url": "https://github.com/advisories/GHSA-j57p-g33w-95c5", "reference_id": "GHSA-j57p-g33w-95c5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j57p-g33w-95c5" }, { "reference_url": "https://usn.ubuntu.com/2323-1/", "reference_id": "USN-2323-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2323-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924943?format=api", "purl": "pkg:deb/debian/horizon@2014.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2014.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924933?format=api", "purl": "pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924931?format=api", "purl": "pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924935?format=api", "purl": "pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924934?format=api", "purl": "pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3474", "GHSA-j57p-g33w-95c5" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxjy-82n2-mkdb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie" }