Known Vulnerabilities for Horizon by Openstack
Listed below are 10 of the newest known vulnerabilities associated with "Horizon" by "Openstack".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-22420 json | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Anco... | Not Provided | 2026-03-05 | 2026-04-01 |
| CVE-2022-45582 json | Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | 6.1 - MEDIUM | 2023-08-22 | 2023-12-01 |
| CVE-2020-29565 json | An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5... | 6.1 - MEDIUM | 2020-12-04 | 2021-03-09 |
| CVE-2017-7400 json | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XS... | 4.8 - MEDIUM | 2017-04-03 | 2018-01-05 |
| CVE-2016-4428 json | Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows re... | 5.4 - MEDIUM | 2016-07-12 | 2023-02-12 |
| CVE-2015-3988 json | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated user... | 3.5 - LOW | 2015-05-19 | 2016-12-24 |
| CVE-2015-3219 json | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 20... | 4.3 - MEDIUM | 2015-08-20 | 2016-12-24 |
| CVE-2014-8578 json | Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before ... | 3.5 - LOW | 2014-10-31 | 2021-03-09 |
| CVE-2014-8124 json | OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when usin... | 5 - MEDIUM | 2014-12-12 | 2023-02-13 |
| CVE-2014-3594 json | Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2... | 3.5 - LOW | 2014-08-22 | 2023-02-13 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openstack | Horizon | juno-3 | |||
| Application | Openstack | Horizon | juno-2 | |||
| Application | Openstack | Horizon | juno-1 | |||
| Application | Openstack | Horizon | folsom-3 | |||
| Application | Openstack | Horizon | folsom-1 | |||
| Application | Openstack | Horizon | 2014.2.3 | |||
| Application | Openstack | Horizon | 2014.2.2 | |||
| Application | Openstack | Horizon | 2014.2.1 | |||
| Application | Openstack | Horizon | 2014.2.0 | |||
| Application | Openstack | Horizon | 2014.1.2 | |||
| Application | Openstack | Horizon | 2014.1.1 | |||
| Application | Openstack | Horizon | 2014.1 | |||
| Application | Openstack | Horizon | 2013.2.4 | |||
| Application | Openstack | Horizon | 2013.2.3 | |||
| Application | Openstack | Horizon | 2013.2.2 | |||
| Application | Openstack | Horizon | 2013.2.1 | |||
| Application | Openstack | Horizon | 2013.2 | |||
| Application | Openstack | Horizon | 2013.1 | |||
| Application | Openstack | Horizon | 2012.2 | |||
| Application | Openstack | Horizon | 2012.1.1 |