Vulnerability details: VCID-zxjy-82n2-mkdb
Vulnerability ID VCID-zxjy-82n2-mkdb
Aliases CVE-2014-3474
GHSA-j57p-g33w-95c5
Summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.
Status Published
Exploitability 0.5
Weighted Severity 3.1
Risk 1.6
System Score Found at
generic_textual LOW http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
generic_textual LOW https://access.redhat.com/errata/RHSA-2014:0939
generic_textual LOW https://access.redhat.com/errata/RHSA-2014:1188
generic_textual LOW https://access.redhat.com/security/cve/CVE-2014-3474
epss 0.00303 https://api.first.org/data/v1/epss?cve=CVE-2014-3474
generic_textual LOW https://bugs.launchpad.net/horizon/+bug/1322197
generic_textual LOW https://bugzilla.redhat.com/show_bug.cgi?id=1116090
cvssv3.1_qr LOW https://github.com/advisories/GHSA-j57p-g33w-95c5
generic_textual LOW https://github.com/openstack/horizon/commit/32a7b713468161282f2ea01d5e2faff980d924cd
generic_textual LOW https://github.com/openstack/horizon/commit/c844bd692894353c60b320005b804970605e910f
generic_textual LOW https://github.com/openstack/horizon/commit/de4466d88b816437fb29eff5ab23b9b964cd3985
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2014-3474
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2014-3474
generic_textual LOW https://opendev.org/openstack/horizon
generic_textual LOW https://review.opendev.org/c/openstack/horizon/+/105476
generic_textual LOW https://review.openstack.org/#/c/105477
generic_textual LOW http://www.openwall.com/lists/oss-security/2014/07/08/6
generic_textual LOW http://www.securityfocus.com/bid/68460
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
https://access.redhat.com/errata/RHSA-2014:0939
https://access.redhat.com/errata/RHSA-2014:1188
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3474.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3474
https://bugs.launchpad.net/horizon/+bug/1322197
https://bugzilla.redhat.com/show_bug.cgi?id=1116090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474
https://github.com/openstack/horizon/commit/32a7b713468161282f2ea01d5e2faff980d924cd
https://github.com/openstack/horizon/commit/c844bd692894353c60b320005b804970605e910f
https://github.com/openstack/horizon/commit/de4466d88b816437fb29eff5ab23b9b964cd3985
https://opendev.org/openstack/horizon
https://review.opendev.org/c/openstack/horizon/+/105476
https://review.openstack.org/#/c/105477
http://www.openwall.com/lists/oss-security/2014/07/08/6
http://www.securityfocus.com/bid/68460
754255 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754255
cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
CVE-2014-3474 https://access.redhat.com/security/cve/CVE-2014-3474
CVE-2014-3474 https://nvd.nist.gov/vuln/detail/CVE-2014-3474
GHSA-j57p-g33w-95c5 https://github.com/advisories/GHSA-j57p-g33w-95c5
USN-2323-1 https://usn.ubuntu.com/2323-1/
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3474
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) single
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.53539
EPSS Score 0.00303
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:23.263344+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/horizon/CVE-2014-3474.yml 38.0.0