CVE-2014-3497
OpenStack Swift 1.11.0-1.13.1 - Cross-Site Scripting via WWW-Authenticate Header
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2256-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59532
Various Sources x_refsource_confirm
https://review.openstack.org/#/c/101031/
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/19/10
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68116
Various Sources mailing-list
x_refsource_mlist
http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html
Various Sources x_refsource_confirm
https://review.openstack.org/#/c/101032/
Scores
EPSS
0.0044
EPSS Percentile
63.6%
Details
CWE
CWE-79
Status
published
Products (5)
openstack/swift
1.11.0
openstack/swift
1.12.0
openstack/swift
1.13.0
openstack/swift
1.13.1 (3 CPE variants)
pypi/swift
1.11.0 - 2.0.0PyPI
Published
Jul 03, 2014
Tracked Since
Feb 18, 2026