Ubuntu Security Notice 3447-1 - Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.
53a3044240cbe88ed44bc7604ffffe0d572d14209249f0931744fb0afe88c512
Debian Linux Security Advisory 3617-1 - Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud.
ff5d05de30969f8247dff1dd319c8e30c8f2713213ce4eb2822bf55525cb0d50
Red Hat Security Advisory 2016-1272-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a newer upstream version: python-django-horizon: 2015.1.4. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
57c18e406ff48d256568840e79fd9a8a9165b5682bb8557bf2460e7a347077b8
Red Hat Security Advisory 2016-1271-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
332d67b19899392e831c09c54bc9fe1fc0b682a8f165e19386c332e202a75379
Red Hat Security Advisory 2016-1270-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
4988110b761f7d244c2b8fe79fc98028f74872c914e77416413a6b2c20fc1033
Red Hat Security Advisory 2016-1269-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
e8b5f2a5572c79a4a5333f0e6148e04ccab18504a755cadb8a52a22a30caf447
Red Hat Security Advisory 2016-1268-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.
0c519befde1282ae9674cb5175276ec7b4452dbab552efe67d806f409758a58e