Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
References
Link | Resource |
---|---|
http://www.debian.org/security/2016/dsa-3617 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/06/17/4 | Mailing List Patch Third Party Advisory |
https://access.redhat.com/errata/RHSA-2016:1268 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2016:1269 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2016:1270 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2016:1271 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2016:1272 | Third Party Advisory |
https://bugs.launchpad.net/horizon/+bug/1567673 | Issue Tracking Third Party Advisory |
https://review.openstack.org/329996 | Patch Vendor Advisory |
https://review.openstack.org/329997 | Patch Vendor Advisory |
https://review.openstack.org/329998 | Patch Vendor Advisory |
https://security.openstack.org/ossa/OSSA-2016-010.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-07-12T19:00:00
Updated: 2016-11-25T20:57:01
Reserved: 2016-05-02T00:00:00
Link: CVE-2016-4428
JSON object: View
NVD Information
Status : Modified
Published: 2016-07-12T19:59:03.257
Modified: 2023-02-12T23:20:30.723
Link: CVE-2016-4428
JSON object: View
Redhat Information
No data.
CWE