Exploit the possiblities
Showing 1 - 7 of 7 RSS Feed

CVE-2016-4428

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Related Files

Ubuntu Security Notice USN-3447-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3447-1 - Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.

tags | advisory, remote, web, xss
systems | linux, ubuntu
advisories | CVE-2016-4428
MD5 | d2bbd0b644f3c03fd015e4e9b8dc725b
Debian Security Advisory 3617-1
Posted Jul 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3617-1 - Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2015-3219, CVE-2016-4428
MD5 | 6883e6c40ffdf7c9e921441fe555369c
Red Hat Security Advisory 2016-1272-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1272-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a newer upstream version: python-django-horizon: 2015.1.4. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | bbfd24457e5d5119aba28405aa71fa6b
Red Hat Security Advisory 2016-1271-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1271-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | fd73f83b8283d42a731de0b958c1b6c2
Red Hat Security Advisory 2016-1270-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1270-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | cf77565f54f7023c0f926f87c27734e8
Red Hat Security Advisory 2016-1269-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1269-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | 8f2917defb3ffb6e10de539bfa96b3fd
Red Hat Security Advisory 2016-1268-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1268-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | 2e6e1c687ec90eca3547a521bfb686e0
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close