CVE-2016-4428

medium

Description

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

References

Advisories
More

https://bugs.launchpad.net/horizon/+bug/1567673

https://access.redhat.com/errata/RHSA-2016:1272

https://access.redhat.com/errata/RHSA-2016:1271

https://access.redhat.com/errata/RHSA-2016:1270

https://access.redhat.com/errata/RHSA-2016:1269

https://access.redhat.com/errata/RHSA-2016:1268

http://www.openwall.com/lists/oss-security/2016/06/17/4

http://www.debian.org/security/2016/dsa-3617

https://security.openstack.org/ossa/OSSA-2016-010.html

https://review.openstack.org/329998

https://review.openstack.org/329997

https://review.openstack.org/329996

Details

Source: Mitre, NVD

Published: 2016-07-12

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00553

Detections

Analytics