OpenStack Skyline Vulnerable to DOM-Based XSS

CVE Notify has flagged a DOM-based Cross-Site Scripting (XSS) vulnerability impacting OpenStack Skyline versions prior to 5.0.1, 6.0.0, and 7.0.0. The issue stems from the unsafe use of document.write within the console interface. This flaw could be particularly troublesome for administrators who rely on the console web interface to monitor instance logs.

According to CVE Notify, the vulnerability allows for the injection and execution of malicious scripts directly within the user’s browser. Given that administrators typically operate with elevated privileges, a successful XSS attack could potentially lead to unauthorized actions within the OpenStack environment, ranging from data exfiltration to system manipulation.
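
The unsafe document.write pattern described above, shown next to a hardened form. This is an added example, not Skyline's own code: the function names, the `doc` parameter (the Document of the log viewer window) and the sample log text are assumptions made for illustration.

```javascript
// Added illustration; NOT Skyline source. Function names and the sample
// log are hypothetical. `doc` is the Document of the log viewer window.

// Constructed sample: console output where one line contains markup.
const SAMPLE_LOG = [
  '[    0.000000] Linux version 6.1.0 (constructed sample)',
  '[   12.345678] <u id="injected">text emitted by the guest</u>',
].join('\n');

// Unsafe pattern: document.write() feeds the string to the HTML parser,
// so any tags inside the log text become live DOM nodes.
function renderLogUnsafe(doc, logText) {
  doc.write('<pre>' + logText + '</pre>');
}

// Hardened pattern: build the node with DOM APIs and assign the log via
// textContent, which stores it as a text node and never parses it as HTML.
function renderLogSafe(doc, logText) {
  const pre = doc.createElement('pre');
  pre.textContent = logText;
  doc.body.appendChild(pre);
  return pre;
}

// Fallback when markup must be produced as a string: encode the five
// HTML-significant characters before concatenation.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}
```

In a browser, pass the viewer window's `document` as `doc`; a code review for this bug class looks for log or API data reaching `document.write`, `innerHTML` or similar HTML-parsing sinks.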

What This Means For You

  • Administrators managing OpenStack environments should immediately verify their Skyline console version and apply updates to mitigate the risk of DOM-based XSS attacks targeting the instance log viewing interface.

Indicators of Compromise

ID | Type | Indicator
CVE-2026-40212 | XSS | OpenStack Skyline versions before 5.0.1, 6.0.0, and 7.0.0. Vulnerable component: console. Vulnerability: DOM-based XSS due to unsafe use of document.write.