Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/horizon@2014.1.3-7
purl pkg:deb/debian/horizon@2014.1.3-7
Next non-vulnerable version 3:18.6.2-5+deb11u2
Latest non-vulnerable version 3:18.6.2-5+deb11u2
Risk 3.1
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-9qpr-314b-xudu
Aliases:
CVE-2017-7400
GHSA-47vp-44v9-rhgq
OpenStack Horizon Cross-site Scripting (XSS) OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
3:10.0.1-1
Affected by 2 other vulnerabilities.
VCID-bd6x-wp7d-8fdj
Aliases:
CVE-2015-3988
python-django-horizon: persistent XSS in Horizon metadata dashboard
3:9.0.1-2~bpo8+1
Affected by 4 other vulnerabilities.
VCID-bz2p-kcg8-nuc6
Aliases:
CVE-2020-29565
GHSA-f8fh-xp28-q59m
PYSEC-2020-45
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
3:14.0.2-3+deb10u2
Affected by 2 other vulnerabilities.
3:18.6.2-5+deb11u2
Affected by 0 other vulnerabilities.
VCID-jg5v-wx6x-g3ah
Aliases:
CVE-2022-45582
GHSA-5pv6-rprw-82wv
PYSEC-2023-153
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
3:18.6.2-5+deb11u2
Affected by 0 other vulnerabilities.
VCID-t697-h44p-k3hq
Aliases:
CVE-2016-4428
GHSA-grm6-x6mr-q3cv
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
2014.1.3-7+deb8u2
Affected by 6 other vulnerabilities.
3:10.0.1-1
Affected by 2 other vulnerabilities.
VCID-xpdp-h35e-m3cz
Aliases:
CVE-2015-3219
GHSA-rhjj-f6gq-6gx2
PYSEC-2015-40
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
2014.1.3-7+deb8u2
Affected by 6 other vulnerabilities.
3:9.0.1-2~bpo8+1
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-7zwb-k8zj-r3az OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template. CVE-2014-0157
GHSA-cmg8-5c63-pg95
VCID-dsg5-s5y9-nbe3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. CVE-2014-3473
GHSA-8vwv-2v7v-jmgr
VCID-e8ck-eteq-7kb3 openstack: horizon multiple XSS vulnerabilities. CVE-2013-6858
VCID-kvy8-9dgv-nuc1 python-django-horizon: denial of service via login page requests CVE-2014-8124
VCID-n2fx-xctw-r7fr openstack-horizon: multiple XSS flaws CVE-2014-8578
VCID-rc85-fmv7-6fh8 OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name. CVE-2014-3594
GHSA-8g68-2hcj-h8vg
VCID-ryy7-2bu5-gbaf Credentials Management The Identity v3 API in OpenStack Dashboard (Horizon) does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user. CVE-2013-4471
VCID-tngh-mgyc-xka4 openstack-horizon: multiple XSS flaws CVE-2014-3475
VCID-zxjy-82n2-mkdb Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. CVE-2014-3474
GHSA-j57p-g33w-95c5

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T17:58:53.459835+00:00 Debian Oval Importer Fixing VCID-ryy7-2bu5-gbaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:49:41.554089+00:00 Debian Oval Importer Affected by VCID-bd6x-wp7d-8fdj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:24:45.480668+00:00 Debian Oval Importer Fixing VCID-kvy8-9dgv-nuc1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:59:28.243373+00:00 Debian Oval Importer Fixing VCID-7zwb-k8zj-r3az https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:51:16.589568+00:00 Debian Oval Importer Fixing VCID-rc85-fmv7-6fh8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:50:35.225542+00:00 Debian Oval Importer Affected by VCID-jg5v-wx6x-g3ah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:29:12.776414+00:00 Debian Oval Importer Fixing VCID-tngh-mgyc-xka4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:03:00.064224+00:00 Debian Oval Importer Affected by VCID-9qpr-314b-xudu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:29:28.954825+00:00 Debian Oval Importer Fixing VCID-dsg5-s5y9-nbe3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:52:01.951269+00:00 Debian Oval Importer Affected by VCID-bz2p-kcg8-nuc6 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-15T13:56:14.209154+00:00 Debian Oval Importer Affected by VCID-t697-h44p-k3hq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-15T13:50:08.631220+00:00 Debian Oval Importer Affected by VCID-xpdp-h35e-m3cz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-11T22:51:18.672073+00:00 Debian Oval Importer Fixing VCID-n2fx-xctw-r7fr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:49:01.743816+00:00 Debian Oval Importer Affected by VCID-bz2p-kcg8-nuc6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:50:43.879651+00:00 Debian Oval Importer Fixing VCID-e8ck-eteq-7kb3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:49:43.880766+00:00 Debian Oval Importer Fixing VCID-zxjy-82n2-mkdb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:20:21.544427+00:00 Debian Oval Importer Affected by VCID-xpdp-h35e-m3cz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:46:45.448161+00:00 Debian Oval Importer Affected by VCID-t697-h44p-k3hq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:44:44.358004+00:00 Debian Oval Importer Fixing VCID-ryy7-2bu5-gbaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:35:41.453364+00:00 Debian Oval Importer Affected by VCID-bd6x-wp7d-8fdj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:11:08.375649+00:00 Debian Oval Importer Fixing VCID-kvy8-9dgv-nuc1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:46:05.243968+00:00 Debian Oval Importer Fixing VCID-7zwb-k8zj-r3az https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:38:02.088675+00:00 Debian Oval Importer Fixing VCID-rc85-fmv7-6fh8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:37:22.026320+00:00 Debian Oval Importer Affected by VCID-jg5v-wx6x-g3ah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:16:21.632355+00:00 Debian Oval Importer Fixing VCID-tngh-mgyc-xka4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:50:33.924962+00:00 Debian Oval Importer Affected by VCID-9qpr-314b-xudu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:17:33.902404+00:00 Debian Oval Importer Fixing VCID-dsg5-s5y9-nbe3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:40:16.536803+00:00 Debian Oval Importer Affected by VCID-bz2p-kcg8-nuc6 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-11T13:44:53.925761+00:00 Debian Oval Importer Affected by VCID-t697-h44p-k3hq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-11T13:38:50.146225+00:00 Debian Oval Importer Affected by VCID-xpdp-h35e-m3cz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-08T22:25:52.514665+00:00 Debian Oval Importer Fixing VCID-n2fx-xctw-r7fr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:23:40.963637+00:00 Debian Oval Importer Affected by VCID-bz2p-kcg8-nuc6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:28:15.900760+00:00 Debian Oval Importer Fixing VCID-e8ck-eteq-7kb3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:27:19.970812+00:00 Debian Oval Importer Fixing VCID-zxjy-82n2-mkdb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:01:05.970656+00:00 Debian Oval Importer Affected by VCID-xpdp-h35e-m3cz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:31:45.898802+00:00 Debian Oval Importer Affected by VCID-t697-h44p-k3hq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:32:03.336547+00:00 Debian Oval Importer Fixing VCID-ryy7-2bu5-gbaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:23:16.614527+00:00 Debian Oval Importer Affected by VCID-bd6x-wp7d-8fdj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:00:08.718396+00:00 Debian Oval Importer Fixing VCID-kvy8-9dgv-nuc1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:36:24.802207+00:00 Debian Oval Importer Fixing VCID-7zwb-k8zj-r3az https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:28:43.884033+00:00 Debian Oval Importer Fixing VCID-rc85-fmv7-6fh8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:28:06.542565+00:00 Debian Oval Importer Affected by VCID-jg5v-wx6x-g3ah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:08:34.081493+00:00 Debian Oval Importer Fixing VCID-tngh-mgyc-xka4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:43:59.533813+00:00 Debian Oval Importer Affected by VCID-9qpr-314b-xudu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:12:17.943652+00:00 Debian Oval Importer Fixing VCID-dsg5-s5y9-nbe3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T23:13:18.180318+00:00 Debian Oval Importer Affected by VCID-bz2p-kcg8-nuc6 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0
2026-04-07T22:20:26.017400+00:00 Debian Oval Importer Affected by VCID-t697-h44p-k3hq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0
2026-04-07T22:14:24.914510+00:00 Debian Oval Importer Affected by VCID-xpdp-h35e-m3cz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0