CVE-2016-4428

Published: Jul 12, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2016:1268

vendor-advisory

x_refsource_REDHAT

RHSA-2016:1270

vendor-advisory

x_refsource_REDHAT

DSA-3617

vendor-advisory

x_refsource_DEBIAN

RHSA-2016:1272

vendor-advisory

x_refsource_REDHAT

https://security.openstack.org/ossa/OSSA-2016-010.html

x_refsource_CONFIRM

https://review.openstack.org/329997

x_refsource_CONFIRM

https://bugs.launchpad.net/horizon/+bug/1567673

x_refsource_CONFIRM

RHSA-2016:1269

vendor-advisory

x_refsource_REDHAT

[oss-security] 20160617 [OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428)

mailing-list

x_refsource_MLIST

RHSA-2016:1271

vendor-advisory

x_refsource_REDHAT

https://review.openstack.org/329998

x_refsource_CONFIRM

https://review.openstack.org/329996

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-4428

Description

Affected Products

References