CVE-2016-4428
- Source
- https://cve.org/CVERecord?id=CVE-2016-4428
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4428.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-4428
- Aliases
- Downstream
- Related
- Published
- 2016-07-12T19:59:03.257Z
- Modified
- 2026-03-12T22:21:46.042492Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
- References
-
- https://access.redhat.com/errata/RHSA-2016:1268
- https://access.redhat.com/errata/RHSA-2016:1269
- https://access.redhat.com/errata/RHSA-2016:1270
- https://access.redhat.com/errata/RHSA-2016:1272
- https://access.redhat.com/errata/RHSA-2016:1271
- http://www.debian.org/security/2016/dsa-3617
- https://bugs.launchpad.net/horizon/+bug/1567673
- http://www.openwall.com/lists/oss-security/2016/06/17/4
- https://review.openstack.org/329996
- https://review.openstack.org/329997
- https://review.openstack.org/329998
- https://security.openstack.org/ossa/OSSA-2016-010.html
Affected packages
Git / github.com/openstack/horizon
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openstack/horizon
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "8.0.0" }, { "last_affected": "8.0.1" }, { "introduced": "0" }, { "last_affected": "9.0.0" }, { "introduced": "0" }, { "last_affected": "9.0.1" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "9.0" } ] }
Affected versions
8.*
8.0.0
8.0.0.0rc2
9.*
9.0.0
9.0.0.0b1
9.0.0.0b2
9.0.0.0b3
9.0.0.0rc1
9.0.0.0rc2
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4428.json"