Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2016-4428

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Related Files

Ubuntu Security Notice USN-3447-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3447-1 - Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.

tags | advisory, remote, web, xss
systems | linux, ubuntu
advisories | CVE-2016-4428
MD5 | d2bbd0b644f3c03fd015e4e9b8dc725b
Debian Security Advisory 3617-1
Posted Jul 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3617-1 - Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2015-3219, CVE-2016-4428
MD5 | 6883e6c40ffdf7c9e921441fe555369c
Red Hat Security Advisory 2016-1272-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1272-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a newer upstream version: python-django-horizon: 2015.1.4. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | bbfd24457e5d5119aba28405aa71fa6b
Red Hat Security Advisory 2016-1271-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1271-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | fd73f83b8283d42a731de0b958c1b6c2
Red Hat Security Advisory 2016-1270-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1270-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | cf77565f54f7023c0f926f87c27734e8
Red Hat Security Advisory 2016-1269-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1269-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | 8f2917defb3ffb6e10de539bfa96b3fd
Red Hat Security Advisory 2016-1268-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1268-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | 2e6e1c687ec90eca3547a521bfb686e0
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close