CVE-2016-4428 — MEDIUM (5.4)

Q: How severe is CVE-2016-4428?

CVE-2016-4428 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4428?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Horizon, Redhat Openstack, Redhat Enterprise Linux, Debian Debian Linux.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Openstack	Horizon	>= 8.0.0, <= 8.0.1
Redhat	Openstack	6.0
Redhat	Enterprise Linux	6.0
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-79

References

http://www.debian.org/security/2016/dsa-3617Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/4Mailing ListPatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2016:1268Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1269Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1270Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1271Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1272Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1567673Issue TrackingThird Party Advisory
https://review.openstack.org/329996PatchVendor Advisory
https://review.openstack.org/329997PatchVendor Advisory
https://review.openstack.org/329998PatchVendor Advisory
https://security.openstack.org/ossa/OSSA-2016-010.htmlPatchVendor Advisory
http://www.debian.org/security/2016/dsa-3617Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/4Mailing ListPatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2016:1268Third Party Advisory

FAQ

What is CVE-2016-4428?

CVE-2016-4428 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injectin...

How severe is CVE-2016-4428?

CVE-2016-4428 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4428?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Horizon, Redhat Openstack, Redhat Enterprise Linux, Debian Debian Linux.