CVE-2026-40212

MEDIUM

OpenStack Skyline < 5.0.1, 6.0.0, 7.0.0 - DOM-based Cross-Site Scripting via Unsafe document.write

Title source: llm

Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

References (4)

Core 4

Core References

https://bugs.launchpad.net/skyline-console/+bug/2138575

https://review.opendev.org/973351

https://www.openwall.com/lists/oss-security/2026/04/09/30

https://security.openstack.org/ossa/OSSA-2026-006.html

Scores

CVSS v3 5.4

EPSS 0.0022

EPSS Percentile 12.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (3)

OpenStack/Skyline < 5.0.1

OpenStack/Skyline 6.0.0

OpenStack/Skyline 7.0.0

Published Apr 10, 2026

Tracked Since Apr 10, 2026