VIR Vulnerability Intelligence Relay

CVE-2017-7400

medium
Published 2022-05-14 · Modified 2026-05-13
CVSS v3
4.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v2
3.5
VIR risk
4.8

Description

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

Predictions

Exploit likelihood
58%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-7400

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-7400.html

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed3:10.0.1-1
debian debianbullseyefixed3:10.0.1-1
debian debianforkyfixed3:10.0.1-1
debian debiansidfixed3:10.0.1-1
debian debiantrixiefixed3:10.0.1-1

Package impact
EcosystemPackageVulnerableFixed
python PyPIhorizon>=10.0,<10.0.310.0.3
python PyPIhorizon>=11.0.0,<11.0.111.0.1
python PyPIhorizon>=9.0,<9.1.29.1.2

Application impact
VendorProductVersionsFixed
openstackhorizon9.0.0
openstackhorizon9.0.1
openstackhorizon9.1.0
openstackhorizon9.1.1
openstackhorizon10.0.0
openstackhorizon10.0.1
openstackhorizon10.0.2
openstackhorizon11.0.0

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.