CVE-2016-4428 – horizon

Package

Manager: pip
Name: horizon
Vulnerable Version: >=0 <8.0.2 || >=9.0.0 <9.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.0057 pctl0.67638

Details

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Metadata

Created: 2022-05-13T01:07:34Z
Modified: 2024-05-14T17:25:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-grm6-x6mr-q3cv/GHSA-grm6-x6mr-q3cv.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-grm6-x6mr-q3cv
Finding: F008
Auto approve: 1