Nixpkgs security tracker

Permalink CVE-2026-40212

5.4 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based …

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

References

Affected products

Skyline

==6.0.0
==7.0.0
<5.0.1

Matching in nixpkgs

pkgs.gh-skyline

Generate a 3D model of your GitHub contribution history

nixos-unstable 0.1.7
- nixpkgs-unstable 0.1.7
- nixos-unstable-small 0.1.7
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

Package maintainers

@PerchunPak Perchun Pak <nixpkgs@perchun.it>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.gh-skyline

Package maintainers