CVE-2015-3219

Name: CVE-2015-3219
Creator: NVD / NIST
Published: 2015-08-20T20:59:00.117+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.76%

Last modified Jun 17, 2026

CVE-2015-3219 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.. EPSS estimates a 2.76% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

Metrics

EPSS Probability

2.76%

84.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Debian	Debian Linux	8.0
Openstack	Horizon	2014.2.0
Openstack	Horizon	2014.2.1
Openstack	Horizon	2014.2.2
Openstack	Horizon	2014.2.3
Openstack	Horizon	2015.1.0
Oracle	Solaris	11.2

References

http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.htmlPatch, Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1679.html
http://www.debian.org/security/2016/dsa-3617Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/09/7Patch
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
http://www.securityfocus.com/bid/75109Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1453074Exploit, Vendor Advisory
http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.htmlPatch, Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1679.html
http://www.debian.org/security/2016/dsa-3617Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/09/7Patch
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
http://www.securityfocus.com/bid/75109Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1453074Exploit, Vendor Advisory

Timeline

Published: Aug 20, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-3219?

How severe is CVE-2015-3219?

Severity scoring for CVE-2015-3219 is pending analysis. The EPSS model estimates a 2.76% probability of exploitation in the next 30 days.

How do I fix CVE-2015-3219?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-3219?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST