horizon
PyPI13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting horizonpage 1 of 1
- CVE-2012-2094NONECVSS 0.0EG 0.0✓ Fixed in 8.0.0a02012-06-05
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web sc…
- CVE-2012-2144NONECVSS 0.0EG 0.0✓ Fixed in 8.0.0a02012-06-05
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
- CVE-2012-3540NONECVSS 0.0EG 0.0✓ Fixed in 35eada8a27323c0f83c400177797927aba6bc99b2012-09-05
vulnerable: 12.0.2 ... 25.5.1 (98 versions)
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/…
- CVE-2014-0157NONECVSS 0.0EG 0.0✓ Fixed in 2013.2.42014-04-15
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via…
- CVE-2014-3473NONECVSS 0.0EG 0.0✓ Fixed in 8.0.0a02014-10-31
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allow…
- CVE-2014-3474NONECVSS 0.0EG 0.0✓ Fixed in 8.0.0a02014-10-31
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authentic…
- CVE-2014-3594NONECVSS 0.0EG 0.0✓ Fixed in 8.0.0a02014-08-22
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML …
- CVE-2015-3219NONECVSS 0.0EG 0.0✓ Fixed in 8.0.0a02015-08-20
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the descrip…
- CVE-2016-4428MEDIUMCVSS 5.4EG 5.4✓ Fixed in 9.1.02016-07-12
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard …
- CVE-2017-7400MEDIUMCVSS 4.8EG 4.8✓ Fixed in 11.0.12017-04-03
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
- CVE-2020-29565MEDIUMCVSS 6.1EG 6.1✓ Fixed in 18.6.02020-12-04
vulnerable: 15.3.0 ... 18.5.0 (16 versions)
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in …
- CVE-2022-45582MEDIUMCVSS 6.1EG 6.1✓ Fixed in 20.2.02023-08-22
vulnerable: 19.4.0 ... 20.1.4 (7 versions)
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
- CVE-2026-43002MEDIUMCVSS 5.3EG 5.3✓ Fixed in 25.7.32026-05-05
vulnerable: 25.6.0, 25.7.0, 25.7.1, 25.7.2
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression o…
Check whether horizon is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for horizon CVEs against the assets you own.
Start Free Scan →