VulnerableCode Package Details - pkg:deb/debian/horizon@3:9.0.1-2~bpo8%2B1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9qpr-314b-xudu Aliases: CVE-2017-7400 GHSA-47vp-44v9-rhgq	OpenStack Horizon Cross-site Scripting (XSS) OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.	3:10.0.1-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bz2p-kcg8-nuc6 Aliases: CVE-2020-29565 GHSA-f8fh-xp28-q59m PYSEC-2020-45	An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.	3:14.0.2-3+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3:18.6.2-5+deb11u2 Affected by 0 other vulnerabilities.
VCID-jg5v-wx6x-g3ah Aliases: CVE-2022-45582 GHSA-5pv6-rprw-82wv PYSEC-2023-153	Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.	3:18.6.2-5+deb11u2 Affected by 0 other vulnerabilities.
VCID-t697-h44p-k3hq Aliases: CVE-2016-4428 GHSA-grm6-x6mr-q3cv	OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.	3:10.0.1-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-9qpr-314b-xudu
Aliases:
CVE-2017-7400
GHSA-47vp-44v9-rhgq

OpenStack Horizon Cross-site Scripting (XSS) OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

3:10.0.1-1
Affected by 2 other vulnerabilities.

VCID-bz2p-kcg8-nuc6
Aliases:
CVE-2020-29565
GHSA-f8fh-xp28-q59m
PYSEC-2020-45

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.

3:14.0.2-3+deb10u2
Affected by 2 other vulnerabilities.

3:18.6.2-5+deb11u2
Affected by 0 other vulnerabilities.

VCID-jg5v-wx6x-g3ah
Aliases:
CVE-2022-45582
GHSA-5pv6-rprw-82wv
PYSEC-2023-153

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

3:18.6.2-5+deb11u2
Affected by 0 other vulnerabilities.

VCID-t697-h44p-k3hq
Aliases:
CVE-2016-4428
GHSA-grm6-x6mr-q3cv

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

3:10.0.1-1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bd6x-wp7d-8fdj	python-django-horizon: persistent XSS in Horizon metadata dashboard	CVE-2015-3988
VCID-xpdp-h35e-m3cz	Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.	CVE-2015-3219 GHSA-rhjj-f6gq-6gx2 PYSEC-2015-40

Vulnerability

Summary

Aliases

VCID-bd6x-wp7d-8fdj

python-django-horizon: persistent XSS in Horizon metadata dashboard

CVE-2015-3988

VCID-xpdp-h35e-m3cz

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

CVE-2015-3219
GHSA-rhjj-f6gq-6gx2
PYSEC-2015-40

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T20:39:15.333257+00:00	Debian Oval Importer	Fixing	VCID-xpdp-h35e-m3cz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:02:44.294371+00:00	Debian Oval Importer	Affected by	VCID-t697-h44p-k3hq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:49:41.560449+00:00	Debian Oval Importer	Fixing	VCID-bd6x-wp7d-8fdj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:50:35.232674+00:00	Debian Oval Importer	Affected by	VCID-jg5v-wx6x-g3ah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:03:00.070830+00:00	Debian Oval Importer	Affected by	VCID-9qpr-314b-xudu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:52:01.957949+00:00	Debian Oval Importer	Affected by	VCID-bz2p-kcg8-nuc6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-11T22:49:01.751646+00:00	Debian Oval Importer	Affected by	VCID-bz2p-kcg8-nuc6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:20:21.552356+00:00	Debian Oval Importer	Fixing	VCID-xpdp-h35e-m3cz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:46:45.456023+00:00	Debian Oval Importer	Affected by	VCID-t697-h44p-k3hq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:35:41.460882+00:00	Debian Oval Importer	Fixing	VCID-bd6x-wp7d-8fdj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:37:22.034672+00:00	Debian Oval Importer	Affected by	VCID-jg5v-wx6x-g3ah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:50:33.937748+00:00	Debian Oval Importer	Affected by	VCID-9qpr-314b-xudu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:40:16.544911+00:00	Debian Oval Importer	Affected by	VCID-bz2p-kcg8-nuc6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-08T22:23:40.971230+00:00	Debian Oval Importer	Affected by	VCID-bz2p-kcg8-nuc6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:01:05.986379+00:00	Debian Oval Importer	Fixing	VCID-xpdp-h35e-m3cz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:31:45.908035+00:00	Debian Oval Importer	Affected by	VCID-t697-h44p-k3hq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:23:16.623860+00:00	Debian Oval Importer	Fixing	VCID-bd6x-wp7d-8fdj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:28:06.558348+00:00	Debian Oval Importer	Affected by	VCID-jg5v-wx6x-g3ah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:43:59.543269+00:00	Debian Oval Importer	Affected by	VCID-9qpr-314b-xudu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:13:18.190194+00:00	Debian Oval Importer	Affected by	VCID-bz2p-kcg8-nuc6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0