Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7400

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

Published

2017-04-03T14:59:00.167

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 4.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application openstack horizon 9.0.0 Yes
Application openstack horizon 9.0.0 Yes
Application openstack horizon 9.0.0 Yes
Application openstack horizon 9.0.0 Yes
Application openstack horizon 9.0.0 Yes
Application openstack horizon 9.0.0 Yes
Application openstack horizon 9.0.1 Yes
Application openstack horizon 9.1.0 Yes
Application openstack horizon 9.1.1 Yes
Application openstack horizon 10.0.0 Yes
Application openstack horizon 10.0.0 Yes
Application openstack horizon 10.0.0 Yes
Application openstack horizon 10.0.0 Yes
Application openstack horizon 10.0.0 Yes
Application openstack horizon 10.0.0 Yes
Application openstack horizon 10.0.0 Yes
Application openstack horizon 10.0.1 Yes
Application openstack horizon 10.0.2 Yes
Application openstack horizon 11.0.0 Yes
References