Vulnerability details: VCID-rc85-fmv7-6fh8
Vulnerability ID VCID-rc85-fmv7-6fh8
Aliases CVE-2014-3594
GHSA-8g68-2hcj-h8vg
Summary OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
Status Published
Exploitability 0.5
Weighted Severity 3.1
Risk 1.6
System Score Found at
generic_textual LOW http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
generic_textual LOW http://rhn.redhat.com/errata/RHSA-2014-1335.html
generic_textual LOW http://rhn.redhat.com/errata/RHSA-2014-1336.html
generic_textual LOW https://access.redhat.com/errata/RHSA-2014:1188
generic_textual LOW https://access.redhat.com/errata/RHSA-2014:1335
generic_textual LOW https://access.redhat.com/errata/RHSA-2014:1336
generic_textual LOW https://access.redhat.com/security/cve/CVE-2014-3594
epss 0.00605 https://api.first.org/data/v1/epss?cve=CVE-2014-3594
generic_textual LOW https://bugs.launchpad.net/horizon/+bug/1349491
generic_textual LOW https://bugzilla.redhat.com/show_bug.cgi?id=1129774
generic_textual LOW http://seclists.org/oss-sec/2014/q3/413
generic_textual LOW https://exchange.xforce.ibmcloud.com/vulnerabilities/95378
cvssv3.1_qr LOW https://github.com/advisories/GHSA-8g68-2hcj-h8vg
generic_textual LOW https://github.com/openstack/horizon/commit/ba2c98aea0db0d03200c811b86b3efe8367f3905
generic_textual LOW https://github.com/openstack/horizon/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2014-3594
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2014-3594
generic_textual LOW https://review.openstack.org/#/c/115310
generic_textual LOW https://review.openstack.org/#/c/115311
generic_textual LOW https://review.openstack.org/#/c/115313
generic_textual LOW http://www.securityfocus.com/bid/69291
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
http://rhn.redhat.com/errata/RHSA-2014-1335.html
http://rhn.redhat.com/errata/RHSA-2014-1336.html
https://access.redhat.com/errata/RHSA-2014:1188
https://access.redhat.com/errata/RHSA-2014:1335
https://access.redhat.com/errata/RHSA-2014:1336
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3594.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3594
https://bugs.launchpad.net/horizon/+bug/1349491
https://bugzilla.redhat.com/show_bug.cgi?id=1129774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3594
http://seclists.org/oss-sec/2014/q3/413
https://exchange.xforce.ibmcloud.com/vulnerabilities/95378
https://github.com/openstack/horizon/commit/ba2c98aea0db0d03200c811b86b3efe8367f3905
https://github.com/openstack/horizon/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b
https://review.openstack.org/#/c/115310
https://review.openstack.org/#/c/115311
https://review.openstack.org/#/c/115313
https://review.openstack.org/#/c/115313/
http://www.securityfocus.com/bid/69291
758930 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758930
cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
CVE-2014-3594 https://access.redhat.com/security/cve/CVE-2014-3594
CVE-2014-3594 https://nvd.nist.gov/vuln/detail/CVE-2014-3594
GHSA-8g68-2hcj-h8vg https://github.com/advisories/GHSA-8g68-2hcj-h8vg
USN-2323-1 https://usn.ubuntu.com/2323-1/
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3594
Exploit Prediction Scoring System (EPSS)
Percentile 0.69535
EPSS Score 0.00605
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:19.936683+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/horizon/CVE-2014-3594.yml 38.0.0