CVE-2016-4428

Опубликовано: 12 июл. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Ссылки

http://www.debian.org/security/2016/dsa-3617
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/4
Mailing List
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1268
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1269
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1270
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1271
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1272
Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1567673
Issue Tracking
Third Party Advisory
https://review.openstack.org/329996
Patch
Vendor Advisory
https://review.openstack.org/329997
Patch
Vendor Advisory
https://review.openstack.org/329998
Patch
Vendor Advisory
https://security.openstack.org/ossa/OSSA-2016-010.html
Patch
Vendor Advisory
http://www.debian.org/security/2016/dsa-3617
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/4
Mailing List
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1268
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1269
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1270
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1271
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1272
Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1567673
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.0.1 (включая)

cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.0057

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2016-4428

CVSS3: 5.4

ubuntu

больше 9 лет назад

CVE-2016-4428

redhat

больше 9 лет назад

CVE-2016-4428

CVSS3: 5.4

debian

больше 9 лет назад

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horiz ...

GHSA-grm6-x6mr-q3cv

CVSS3: 5.4

github

больше 3 лет назад

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability

EPSS

Процентиль: 68%

0.0057

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79