CVE-2026-40212_CVE-2026-40212

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

Basic Information

ID CVE-2026-40212

Source mitre

Published Apr 10, 2026 at 00:00

Modified Apr 10, 2026 at 15:32

Affected Product

Vendor OpenStack

Product Skyline

Affected Versions OpenStack Skyline 0
OpenStack Skyline 6.0.0
OpenStack Skyline 7.0.0

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.",
    "published": "2026-04-10T00:00:00.000Z",
    "modified": "2026-04-10T15:32:11.199Z",
    "type": "cve",
    "title": "CVE-2026-40212",
    "source": "mitre",
    "references": "https://bugs.launchpad.net/skyline-console/+bug/2138575\nhttps://review.opendev.org/973351\nhttps://www.openwall.com/lists/oss-security/2026/04/09/30\nhttps://security.openstack.org/ossa/OSSA-2026-006.html",
    "id": "CVE-2026-40212",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "OpenStack Skyline 0\nOpenStack Skyline 6.0.0\nOpenStack Skyline 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Skyline",
    "version": "0",
    "vendor": "OpenStack",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}