Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

PUBLISHED Reserved 2026-04-10 | Published 2026-04-10 | Updated 2026-04-10 | Assigner mitre




MEDIUM: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status
unaffected

Any version before 5.0.1
affected

6.0.0 (semver)
affected

7.0.0 (semver)
affected

References

bugs.launchpad.net/skyline-console/+bug/2138575

review.opendev.org/973351

www.openwall.com/lists/oss-security/2026/04/09/30

security.openstack.org/ossa/OSSA-2026-006.html

cve.org (CVE-2026-40212)

nvd.nist.gov (CVE-2026-40212)
