GCVE - cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*

part: a version: 2012.1 update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Horizon (`e7083d4d-18db-5d21-bd2a-55bbcb933374`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/horizon`	purl2cpe	2026-06-01 10:17:03.184507
`pkg:deb/ubuntu/horizon`	purl2cpe	2026-06-01 10:17:03.184508
`pkg:github/openstack/horizon`	purl2cpe	2026-06-01 10:17:03.184509
`pkg:pypi/horizon`	purl2cpe	2026-06-01 10:17:03.184511
`pkg:rpm/opensuse/python-horizon`	purl2cpe	2026-06-01 10:17:03.184512

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-3540`	vulnerable	2026-06-03 14:31:58.998023	Details available Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake. Published: 2012-09-05T23:00:00.000Z Updated: 2024-08-06T20:13:50.055Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/78196 https://bugs.launchpad.net/horizon/+bug/1039077 http://www.openwall.com/lists/oss-security/2012/08/30/4 https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b http://www.ubuntu.com/usn/USN-1565-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2144`	vulnerable	2026-06-03 14:31:46.629444	Details available Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. Published: 2012-06-05T22:00:00.000Z Updated: 2024-08-06T19:26:08.936Z Open on db.gcve.eu Reference links http://secunia.com/advisories/49024 http://www.openwall.com/lists/oss-security/2012/05/05/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/75423 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html https://bugs.launchpad.net/horizon/+bug/978896	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2094`	vulnerable	2026-06-03 14:31:46.423015	Details available Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. Published: 2012-06-05T22:00:00.000Z Updated: 2024-08-06T19:26:07.602Z Open on db.gcve.eu Reference links http://secunia.com/advisories/49024 https://exchange.xforce.ibmcloud.com/vulnerabilities/76136 http://www.osvdb.org/81742 http://ubuntu.com/usn/usn-1439-1 https://bugs.launchpad.net/horizon/+bug/977944	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.