CVE-2016-4428
Summary
| CVE | CVE-2016-4428 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-07-12 19:59:00 UTC |
| Updated | 2023-02-12 23:20:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Openstack | Horizon | 9.0.0 | All | All | All |
| Application | Openstack | Horizon | 9.0.1 | All | All | All |
| Application | Openstack | Horizon | 9.0.0 | All | All | All |
| Application | Openstack | Horizon | 9.0.1 | All | All | All |
| Application | Openstack | Horizon | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Application | Redhat | Openstack | 5.0 | All | All | All |
| Application | Redhat | Openstack | 6.0 | All | All | All |
| Application | Redhat | Openstack | 7.0 | All | All | All |
| Application | Redhat | Openstack | 8 | All | All | All |
| Application | Redhat | Openstack | 8.0 | All | All | All |
| Application | Redhat | Openstack | 5.0 | All | All | All |
| Application | Redhat | Openstack | 6.0 | All | All | All |
| Application | Redhat | Openstack | 7.0 | All | All | All |
| Application | Redhat | Openstack | 8.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - [OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428) | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Debian -- Security Information -- DSA-3617-1 horizon | DEBIAN | www.debian.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| review.openstack.org/329997 | CONFIRM | review.openstack.org | Patch, Vendor Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| CVE-2016-4428 - Red Hat Customer Portal | MISC | access.redhat.com | |
| review.openstack.org/329998 | CONFIRM | review.openstack.org | Patch, Vendor Advisory |
| review.openstack.org/329996 | CONFIRM | review.openstack.org | Patch, Vendor Advisory |
| Bug #1567673 “[OSSA-2016-010] Possible client side template inje...” : Bugs : OpenStack Dashboard (Horizon) | CONFIRM | bugs.launchpad.net | Issue Tracking, Third Party Advisory |
| OpenStack Docs: OSSA-2016-010: XSS in Horizon client side template | CONFIRM | security.openstack.org | Patch, Vendor Advisory |
| 1343982 – (CVE-2016-4428) CVE-2016-4428 python-django-horizon: XSS in client side template | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.