Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N
Vendors Products
Redhat
  • Openstack
  • Enterprise Linux
Debian
  • Debian Linux
Openstack
  • Horizon

Configuration 1 [-]

OR cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
Link Resource
http://www.debian.org/security/2016/dsa-3617 Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/4 Mailing List Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1268 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1269 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1270 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1271 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1272 Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1567673 Issue Tracking Third Party Advisory
https://review.openstack.org/329996 Patch Vendor Advisory
https://review.openstack.org/329997 Patch Vendor Advisory
https://review.openstack.org/329998 Patch Vendor Advisory
https://security.openstack.org/ossa/OSSA-2016-010.html Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-07-12T19:00:00

Updated: 2016-11-25T20:57:01

Reserved: 2016-05-02T00:00:00

Link: CVE-2016-4428

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-07-12T19:59:03.257

Modified: 2023-02-12T23:20:30.723

Link: CVE-2016-4428

JSON object: View

cve-icon Redhat Information

No data.

CWE