Exploit the possiblities
Showing 1 - 7 of 7 RSS Feed

CVE-2016-4428

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Related Files

Ubuntu Security Notice USN-3447-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3447-1 - Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.

tags | advisory, remote, web, xss
systems | linux, ubuntu
advisories | CVE-2016-4428
MD5 | d2bbd0b644f3c03fd015e4e9b8dc725b
Debian Security Advisory 3617-1
Posted Jul 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3617-1 - Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2015-3219, CVE-2016-4428
MD5 | 6883e6c40ffdf7c9e921441fe555369c
Red Hat Security Advisory 2016-1272-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1272-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a newer upstream version: python-django-horizon: 2015.1.4. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | bbfd24457e5d5119aba28405aa71fa6b
Red Hat Security Advisory 2016-1271-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1271-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | fd73f83b8283d42a731de0b958c1b6c2
Red Hat Security Advisory 2016-1270-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1270-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | cf77565f54f7023c0f926f87c27734e8
Red Hat Security Advisory 2016-1269-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1269-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | 8f2917defb3ffb6e10de539bfa96b3fd
Red Hat Security Advisory 2016-1268-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1268-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | 2e6e1c687ec90eca3547a521bfb686e0
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close