CVE-2015-3219 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3219 Interim 1 9 2022-10-15T17:00:33Z current 2021-05-30T13:29:37Z 2022-10-15T17:00:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3219 Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-November/001689.html E-Mail link for SUSE-SU-2015:2064-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Cloud 2.0 SUSE Cloud 4 SUSE Cloud 4 Dependencies SUSE OpenStack Cloud 5 crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3 openstack-dashboard openstack-dashboard-2014.2.4~a0~dev12-13.2 python-django_openstack_auth-1.1.7-11.3 python-horizon-2014.2.4~a0~dev12-13.2 crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3 as a component of SUSE OpenStack Cloud 5 openstack-dashboard-2014.2.4~a0~dev12-13.2 as a component of SUSE OpenStack Cloud 5 python-django_openstack_auth-1.1.7-11.3 as a component of SUSE OpenStack Cloud 5 python-horizon-2014.2.4~a0~dev12-13.2 as a component of SUSE OpenStack Cloud 5 openstack-dashboard as a component of SUSE Cloud 2.0 openstack-dashboard as a component of SUSE Cloud 4 openstack-dashboard as a component of SUSE Cloud 4 Dependencies Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. CVE-2015-3219 SUSE OpenStack Cloud 5:crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3 SUSE OpenStack Cloud 5:openstack-dashboard-2014.2.4~a0~dev12-13.2 SUSE OpenStack Cloud 5:python-django_openstack_auth-1.1.7-11.3 SUSE OpenStack Cloud 5:python-horizon-2014.2.4~a0~dev12-13.2 SUSE Cloud 2.0:openstack-dashboard SUSE Cloud 4 Dependencies:openstack-dashboard SUSE Cloud 4:openstack-dashboard moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N