Two cross-site scripting vulnerabilities have been found in Horizon,
a web application to control an OpenStack cloud.