CVE-2026-40212

MEDIUM

Openstack Skyline < 5.0.1 - XSS

Title source: rule

Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

References (4)

Scores

CVSS v3 5.4
EPSS 0.0003
EPSS Percentile 8.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (3)
OpenStack/Skyline < 5.0.1
OpenStack/Skyline 6.0.0
OpenStack/Skyline 7.0.0
Published Apr 10, 2026
Tracked Since Apr 10, 2026