{"id":"PYSEC-2012-32","details":"Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.","modified":"2025-10-09T05:18:49.696983Z","published":"2012-06-05T22:55:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/49024"},{"type":"WEB","url":"https://bugs.launchpad.net/horizon/+bug/977944"},{"type":"FIX","url":"https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942"},{"type":"WEB","url":"https://lists.launchpad.net/openstack/msg10211.html"},{"type":"WEB","url":"http://www.osvdb.org/81742"},{"type":"ADVISORY","url":"http://secunia.com/advisories/49071"},{"type":"WEB","url":"http://ubuntu.com/usn/usn-1439-1"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76136"}],"affected":[{"package":{"name":"horizon","ecosystem":"PyPI","purl":"pkg:pypi/horizon"},"ranges":[{"type":"GIT","repo":"https://github.com/openstack/horizon","events":[{"introduced":"0"},{"fixed":"7f8c788aa70db98ac904f37fa4197fcabb802942"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["12.0.2","12.0.3","12.0.4","13.0.0","13.0.0.0b3","13.0.0.0rc1","13.0.0.0rc2","13.0.1","13.0.2","13.0.3","14.0.0","14.0.0.0b1","14.0.0.0b2","14.0.0.0b3","14.0.0.0rc1","14.0.0.0rc2","14.0.1","14.0.2","14.0.3","14.0.4","14.1.0","15.0.0","15.0.0.0b1","15.0.0.0b2","15.0.0.0rc1","15.0.0.0rc2","15.1.0","15.1.1","15.2.0","15.3.0","15.3.1","15.3.2","16.0.0","16.0.0.0b1","16.0.0.0b2","16.0.0.0rc1","16.0.0.0rc2","16.1.0","16.2.0","16.2.1","16.2.2","17.0.0","17.1.0","18.0.0","18.1.0","18.2.0","18.3.0","18.3.1","18.3.2","18.3.3","18.3.4","18.3.5","18.4.0","18.4.1","18.5.0","18.6.0","18.6.1","18.6.2","18.6.3","18.6.4","19.0.0","19.1.0","19.2.0","19.3.0","19.4.0","20.0.0","20.1.0","20.1.1","20.1.2","20.1.3","20.1.4","20.2.0","21.0.0","22.0.0","22.1.0","22.1.1","22.2.0","23.0.0","23.0.1","23.0.2","23.1.0","23.1.1","23.2.0","23.3.0","23.4.0","24.0.0","25.0.0","25.1.0","23.3.1","24.0.1","24.0.2","25.1.1","25.2.0","25.3.0","25.3.1","25.4.0","25.5.0","25.5.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2012-32.yaml"}}],"schema_version":"1.7.3"}