What is the severity of CVE-2014-3594?

CVE-2014-3594 is classified as a medium severity vulnerability due to its cross-site scripting nature.

How do I fix CVE-2014-3594?

To fix CVE-2014-3594, upgrade the OpenStack Horizon package to version 8.0.0a0 or later, or ensure you are using versions 2013.2.4 or later, or 2014.1.2 or later.

Which versions of OpenStack Horizon are affected by CVE-2014-3594?

CVE-2014-3594 affects OpenStack Horizon versions prior to 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3.

Is CVE-2014-3594 a remote exploit vulnerability?

Yes, CVE-2014-3594 allows remote administrators to inject arbitrary web scripts or HTML via the Host Aggregates interface.

What type of vulnerability is CVE-2014-3594?

CVE-2014-3594 is a persistent cross-site scripting (XSS) vulnerability.

Vulnerability/
CVE-2014-3594

low

3.5

CWE

13/8/2014

22/8/2014

13/5/2022

6/8/2024

CVE-2014-3594: XSS

First published: Wed Aug 13 2014(Updated: )

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
pip/horizon	<8.0.0a0	8.0.0a0
OpenStack Horizon	>=2013.2<2013.2.4
OpenStack Horizon	>=2014.1<2014.1.2
OpenStack Horizon	=juno-1
OpenStack Horizon	=juno-2
SUSE Linux	=13.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3594?
CVE-2014-3594 is classified as a medium severity vulnerability due to its cross-site scripting nature.
How do I fix CVE-2014-3594?
To fix CVE-2014-3594, upgrade the OpenStack Horizon package to version 8.0.0a0 or later, or ensure you are using versions 2013.2.4 or later, or 2014.1.2 or later.
Which versions of OpenStack Horizon are affected by CVE-2014-3594?
CVE-2014-3594 affects OpenStack Horizon versions prior to 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3.
Is CVE-2014-3594 a remote exploit vulnerability?
Yes, CVE-2014-3594 allows remote administrators to inject arbitrary web scripts or HTML via the Host Aggregates interface.
What type of vulnerability is CVE-2014-3594?
CVE-2014-3594 is a persistent cross-site scripting (XSS) vulnerability.

agent/type
agent/weakness
agent/remedy
collector/github-advisory-latest
source/GitHub
alias/GHSA-8g68-2hcj-h8vg
alias/CVE-2014-3594
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
agent/severity
agent/references
agent/author
agent/first-publish-date
agent/description
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/pip
vendor/openstack
canonical/openstack horizon
version/openstack horizon/2013.2
version/openstack horizon/2014.1
version/openstack horizon/juno-1
version/openstack horizon/juno-2
vendor/opensuse
canonical/suse linux
version/suse linux/13.1

CVE-2014-3594: XSS

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3594?

How do I fix CVE-2014-3594?

Which versions of OpenStack Horizon are affected by CVE-2014-3594?

Is CVE-2014-3594 a remote exploit vulnerability?

What type of vulnerability is CVE-2014-3594?

Company

Resources

Contact