CVE-2017-7400

MEDIUM

OpenStack Horizon 9.x-9.1.1 10.x-10.0.2 11.0.0 - Authenticated Cross-Site Scripting via Federation Mapping

Title source: llm
STIX 2.1

Description

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97324
Various Sources x_refsource_confirm
https://launchpad.net/bugs/1667086
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1598
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1739

Scores

CVSS v3 4.8
EPSS 0.0022
EPSS Percentile 44.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (9)
openstack/horizon 9.0.0 (6 CPE variants)
openstack/horizon 9.0.1
openstack/horizon 9.1.0
openstack/horizon 9.1.1
openstack/horizon 10.0.0 (7 CPE variants)
openstack/horizon 10.0.1
openstack/horizon 10.0.2
openstack/horizon 11.0.0
pypi/horizon 9.0 - 9.1.2PyPI
Published Apr 03, 2017
Tracked Since Feb 18, 2026