CVE-2016-4428
- Source
- https://cve.org/CVERecord?id=CVE-2016-4428
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4428.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-4428
- Aliases
- Downstream
- Related
- Published
- 2016-07-12T19:59:03.257Z
- Modified
- 2026-05-18T05:48:09.005666917Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
- Database specific
{ "unresolved_ranges": [ { "cpes": [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.0" }, { "last_affected": "9.0" } ], "vendor_product": "debian:debian_linux" }, { "cpes": [ "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "6.0" }, { "last_affected": "7.0" }, { "last_affected": "8" }, { "last_affected": "5.0" } ], "vendor_product": "redhat:openstack" } ] }- References
-
- http://www.debian.org/security/2016/dsa-3617
- https://access.redhat.com/errata/RHSA-2016:1268
- https://access.redhat.com/errata/RHSA-2016:1269
- https://access.redhat.com/errata/RHSA-2016:1270
- https://access.redhat.com/errata/RHSA-2016:1271
- https://access.redhat.com/errata/RHSA-2016:1272
- https://bugs.launchpad.net/horizon/+bug/1567673
- http://www.openwall.com/lists/oss-security/2016/06/17/4
- https://review.openstack.org/329996
- https://review.openstack.org/329997
- https://review.openstack.org/329998
- https://security.openstack.org/ossa/OSSA-2016-010.html
Affected packages
Git / github.com/openstack/horizon
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openstack/horizon
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "8.0.0" }, { "last_affected": "8.0.1" }, { "introduced": "0" }, { "last_affected": "9.0.0" }, { "last_affected": "9.0.1" } ], "cpe": [ "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*" ] }
Affected versions
2011.*
2011.2
2013.*
2013.1.g3
2013.1.rc1
2013.2.b1
2013.2.b2
2013.2.b3
2013.2.rc1
2014.*
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
8.*
8.0.0
8.0.0.0b1
8.0.0.0b2
8.0.0.0b3
8.0.0.0rc1
8.0.0.0rc2
8.0.0a0
8.0.1
9.*
9.0.0
9.0.0.0b1
9.0.0.0b2
9.0.0.0b3
9.0.0.0rc1
9.0.0.0rc2
9.0.1
Other
essex-1
essex-2
essex-3
folsom-2
folsom-3
grizzly-1
grizzly-2