OpenStack Skyline contains a DOM-based XSS vulnerability (CWE-79) in its console web interface due to unsafe use of document.write. This affects versions prior to 5.0.1, 6.0.0, and 7.0.0. The vulnerability allows an attacker to inject malicious scripts when administrators view instance console logs, potentially impacting confidentiality and integrity. The CVSS 3.1 score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges, user interaction, and partial impact on confidentiality and integrity. No patch or official remediation level has been published yet.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the administrator's browser session when viewing instance console logs. This may lead to partial disclosure or modification of sensitive information accessible via the console interface. There is no impact on availability reported. No known exploits are currently observed in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should exercise caution when accessing instance console logs and consider limiting access to trusted users only. Monitoring vendor channels for updates is recommended.