CVE-2015-3221

OpenStack Neutron < 2014.2.4 and 2015.1.x < 2015.1.1 - Authenticated Denial of Service via IPTables Firewall Driver

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3221.

AI-analyzed exploit summary: The document describes multiple persistent and reflected XSS vulnerabilities in GeniXCMS v0.0.3, detailing vulnerable parameters (q, content, title) and affected areas (index.php). It includes example exploit URLs and payloads but lacks functional exploit code.

Description

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Exploits (1)

exploitdb WRITEUP
webapps php
https://www.exploit-db.com/exploits/37360

The document describes multiple persistent and reflected XSS vulnerabilities in GeniXCMS v0.0.3, detailing vulnerable parameters (q, content, title) and affected areas (index.php). It includes example exploit URLs and payloads but lacks functional exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: GeniXCMS v0.0.3
No auth needed
Prerequisites: Access to the vulnerable GeniXCMS instance
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/75368
Third Party Advisory (x_refsource_confirm): https://bugs.launchpad.net/neutron/+bug/1461054
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1680.html

Scores

EPSS: 0.1431
EPSS Percentile: 94.6%

Details

CWE: CWE-20
Status: published
Products (2)
openstack/neutron 2014.2 - 2014.2.4
pypi/neutron 0 - 2014.2.4 (PyPI)
Published: Aug 26, 2015
Tracked Since: Feb 18, 2026