OSSA-2014-023: Multiple XSS vulnerabilities in Horizon


July 08, 2014


CVE-2014-3473, CVE-2014-3474, CVE-2014-3475


  • Horizon: up to 2013.2.3, and 2014.1 versions up to 2014.1.1


Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and Michael Xin from Rackspace reported three cross-site scripting (XSS) vulnerabilities in Horizon. A malicious Orchestration template owner or catalog may conduct an XSS attack once a corrupted template is used in the Orchestration/Stack section of Horizon. A malicious Horizon user may store an XSS attack by creating a network with a corrupted name. A malicious Horizon administrator may store an XSS attack by creating a user with a corrupted email address. Once executed in a legitimate context, these attacks may result in theft of assets (Horizon user/admin access credentials, VMs/Network configuration/management, tenants’ confidential information, etc.). All Horizon setups are affected.
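The following triage script is an added example, not part of the advisory or of Horizon's code. It walks the three kinds of stored data named above (Orchestration templates, network names, user email addresses) and flags every string that HTML escaping would change, together with the escaped form. The record layout, identifiers and sample values are constructed for illustration.

```python
import html


def walk_strings(obj, path=""):
    """Yield (path, value) for every string, including dict keys, in nested data."""
    if isinstance(obj, str):
        yield path, obj
    elif isinstance(obj, dict):
        for key, val in obj.items():
            # Template keys (e.g. resource names) are user-supplied as well.
            yield f"{path}#key", str(key)
            yield from walk_strings(val, f"{path}/{key}")
    elif isinstance(obj, (list, tuple)):
        for i, val in enumerate(obj):
            yield from walk_strings(val, f"{path}/{i}")


def audit(records):
    """Return one finding per stored string that html.escape() would alter."""
    findings = []
    for kind, ident, data in records:
        for path, value in walk_strings(data):
            escaped = html.escape(value, quote=True)
            if escaped != value:
                findings.append(
                    {"kind": kind, "id": ident, "field": path, "escaped": escaped}
                )
    return findings


# Constructed sample records (assumed layout: kind, id, data); markup is benign.
SAMPLE = [
    ("network", "net-1", {"name": "private"}),
    ("network", "net-2", {"name": "<b>lab</b>"}),
    ("user", "user-1", {"email": "ops@example.org"}),
    ("user", "user-2", {"email": "\"><i>x</i>@example.org"}),
    ("stack_template", "stack-1", {
        "description": "web tier",
        "resources": {"<u>srv</u>": {"type": "OS::Nova::Server"}},
    }),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['kind']} {f['id']} {f['field']}: {f['escaped']}")
```

Values containing only `&` or an apostrophe are flagged too, so findings need review before they are treated as attempted injection.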



  • Jason Hullinger from HP (CVE-2014-3473)

  • Craig Lorentzen from Cisco (CVE-2014-3474)

  • Michael Xin from Rackspace (CVE-2014-3475)