CVE-2016-4428

Sažetak

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Reference

http://www.openwall.com/lists/oss-security/2016/06/17/4
https://access.redhat.com/errata/RHSA-2016:1270
https://access.redhat.com/errata/RHSA-2016:1269
https://review.openstack.org/329998
https://access.redhat.com/errata/RHSA-2016:1268
http://www.debian.org/security/2016/dsa-3617
https://bugs.launchpad.net/horizon/+bug/1567673
https://review.openstack.org/329997
https://access.redhat.com/errata/RHSA-2016:1271
https://access.redhat.com/errata/RHSA-2016:1272
https://review.openstack.org/329996
https://security.openstack.org/ossa/OSSA-2016-010.html

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

12-02-2023 - 23:20

Objavljeno

12-07-2016 - 19:59