Multiple XSS vulnerabilities were reported in OpenStack Horizon: Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and Michael Xin from Rackspace reported 3 cross-site scripting (XSS) vulnerabilities in Horizon. A malicious Orchestration template owner or catalog may conduct an XSS attack once a corrupted template is used in the Orchestration/Stack section of Horizon (CVE-2014-3473). A malicious Horizon user may store an XSS attack by creating a network with a corrupted name (CVE-2014-3474). A malicious Horizon administrator may store an XSS attack by creating a user with a corrupted email address (CVE-2014-3475). Once executed in a legitimate context these attacks may result in potential asset stealing (horizon user/admin access credentials, VMs/Network configuration/management, tenants' confidential information, etc.). All Horizon setups are affected.
This affects all versions up to and including 2014.1.1 and 2013.2.3.
Created python-django-horizon tracking bugs for this issue: Affects: fedora-all [bug 1118141] Affects: epel-6 [bug 1118142]
This issue has been addressed in following products: OpenStack 5 for RHEL 7 Via RHSA-2014:0939 https://rhn.redhat.com/errata/RHSA-2014-0939.html
IssueDescription CVE-2014-3473: A cross-site scripting (XSS) flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. IssueDescription CVE-2014-3474: It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially-crafted name. IssueDescription CVE-2014-3475: It was found that some email addresses were not sanitized. An administrator could use this flaw to perform XSS attacks against other Horizon users by storing an email address that has a specially-crafted name.
This issue has been addressed in the following products: OpenStack 4 for RHEL 6 Via RHSA-2014:1188 https://rhn.redhat.com/errata/RHSA-2014-1188.html