CVE-2017-7400

MEDIUM

OpenStack Horizon <11.0.0 - XSS

Title source: llm

Description

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97324

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:1598

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:1739

[Various Sources] https://launchpad.net/bugs/1667086

Scores

CVSS v3 4.8

EPSS 0.0022

EPSS Percentile 44.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (20)

openstack/horizon

... and 5 more

Timeline

Published Apr 03, 2017

Tracked Since Feb 18, 2026