← Back

CVE-2016-4428

nvd nist
Published: Jul 12, 2016Modified: May 6, 2026

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Affected (9)

Openstack
1 product
Horizon
Redhat
1 product
Openstack
Debian
1 product
Debian Linux
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Horizon
From 8.0.0 to 8.0.1
Horizon
Version 9.0.0
Horizon
Version 9.0.1
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Openstack
Version 6.0
Openstack
Version 7.0
Openstack
Version 8
Configuration C
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Openstack
Version 5.0
Running on/withPlatform Versions
Redhat
Enterprise Linux
Version 6.0
Redhat
Enterprise Linux
Version 7.0
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (24)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListPatchThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.