CVE-2016-4428 — Cross-site Scripting in Horizon

CWE-79 — Cross-site Scripting10 documents8 sources

Severity

5.4MEDIUMNVD

EPSS

0.6%

top 31.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Horizon Debian Linux Redhat Openstack

Timeline

PublishedJul 12

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDopenstack/horizon8.0.0 — 8.0.1+2

▶NVDredhat/openstack4 versions+3

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: review.openstack.org ↗Patch: review.openstack.org ↗

🔴Vulnerability Details

OSV

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability↗2022-05-13

▶

GHSA

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability↗2022-05-13

▶

OSV

CVE-2016-4428: Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8↗2016-07-12

▶

CVEList

CVE-2016-4428: Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8↗2016-07-12

▶

📋Vendor Advisories

Ubuntu

OpenStack Horizon vulnerability↗2017-10-11

▶

Red Hat

python-django-horizon: XSS in client side template↗2016-06-17

▶

Debian

CVE-2016-4428: horizon - Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 ...↗2016

▶

💬Community

Bugzilla

CVE-2016-4428 python-django-horizon: horizon: XSS in client side template [fedora-all]↗2016-06-17

▶

Bugzilla

CVE-2016-4428 python-django-horizon: XSS in client side template↗2016-06-08

▶