{"id":"CVE-2016-4428","details":"Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.","aliases":["GHSA-grm6-x6mr-q3cv"],"modified":"2026-04-10T03:51:23.763882Z","published":"2016-07-12T19:59:03.257Z","related":["SUSE-SU-2016:2143-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1270"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1271"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1269"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1272"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3617"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1268"},{"type":"REPORT","url":"https://bugs.launchpad.net/horizon/+bug/1567673"},{"type":"FIX","url":"https://review.openstack.org/329996"},{"type":"FIX","url":"https://review.openstack.org/329997"},{"type":"FIX","url":"https://review.openstack.org/329998"},{"type":"FIX","url":"https://security.openstack.org/ossa/OSSA-2016-010.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/06/17/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/horizon","events":[{"introduced":"593f0b78eea8efbb6d833d66acc7ab4dc852159b"},{"last_affected":"fa47798f38b2a58514b93b6613129b0dfca18f36"},{"introduced":"0"},{"last_affected":"2eb320bd31078e3728b91e4badc597624d0827f8"},{"introduced":"0"},{"last_affected":"f4b9e17315c69749e6e84a518b385b3698d5ab0e"},{"introduced":"0"},{"last_affected":"593f0b78eea8efbb6d833d66acc7ab4dc852159b"},{"introduced":"0"},{"last_affected":"2eb320bd31078e3728b91e4badc597624d0827f8"}],"database_specific":{"versions":[{"introduced":"8.0.0"},{"last_affected":"8.0.1"},{"introduced":"0"},{"last_affected":"9.0.0"},{"introduced":"0"},{"last_affected":"9.0.1"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["2011.2","2013.1.g3","2013.1.rc1","2013.2.b1","2013.2.b2","2013.2.b3","2013.2.rc1","2014.1.b1","2014.1.b2","2014.1.b3","2014.1.rc1","2014.2.b1","2014.2.b2","2014.2.b3","2014.2.rc1","2015.1.0b1","2015.1.0b2","2015.1.0b3","2015.1.0rc1","8.0.0","8.0.0.0b1","8.0.0.0b2","8.0.0.0b3","8.0.0.0rc1","8.0.0.0rc2","8.0.0a0","8.0.1","9.0.0","9.0.0.0b1","9.0.0.0b2","9.0.0.0b3","9.0.0.0rc1","9.0.0.0rc2","9.0.1","essex-1","essex-2","essex-3","folsom-2","folsom-3","grizzly-1","grizzly-2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4428.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}