Every CVE whose affected-product data names Openstack Horizon, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2012-2144 — CVSS 6.8 (medium): Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the…
CVE-2020-29565 — CVSS 6.1 (medium): An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a…
CVE-2022-45582 — CVSS 6.1 (medium): Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
CVE-2012-3540 — CVSS 5.8 (medium): Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect…
CVE-2012-5474 — CVSS 5.5 (medium): The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon…
CVE-2012-5476 — CVSS 5.5 (medium): Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which…
CVE-2013-4471 — CVSS 5.5 (medium): The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user…
CVE-2016-4428 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote…
CVE-2014-8124 — CVSS 5.0 (medium): OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or…
CVE-2012-3426 — CVSS 4.9 (medium): OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token…
CVE-2017-7400 — CVSS 4.8 (medium): OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via…
CVE-2012-2094 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack…
CVE-2012-3542 — CVSS 4.3 (medium): OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary…
CVE-2013-6858 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject…
CVE-2014-0157 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4…
CVE-2014-3473 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard…
CVE-2015-3219 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and…
CVE-2014-8578 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and…
CVE-2014-3594 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before…
CVE-2014-3475 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before…
CVE-2014-3474 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack…