CVE-2016-4428

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-4428
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4428.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-4428
Aliases
Downstream
Related
Published
2016-07-12T19:59:03.257Z
Modified
2026-04-10T03:51:23.763882Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

References

Affected packages

Git / github.com/openstack/horizon

Affected ranges

Type
GIT
Repo
https://github.com/openstack/horizon
Events
Introduced
593f0b78eea8efbb6d833d66acc7ab4dc852159b
Last affected
fa47798f38b2a58514b93b6613129b0dfca18f36
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2eb320bd31078e3728b91e4badc597624d0827f8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f4b9e17315c69749e6e84a518b385b3698d5ab0e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
593f0b78eea8efbb6d833d66acc7ab4dc852159b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2eb320bd31078e3728b91e4badc597624d0827f8
Database specific 
{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

2011.*
2011.2
2013.*
2013.1.g3
2013.1.rc1
2013.2.b1
2013.2.b2
2013.2.b3
2013.2.rc1
2014.*
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
8.*
8.0.0
8.0.0.0b1
8.0.0.0b2
8.0.0.0b3
8.0.0.0rc1
8.0.0.0rc2
8.0.0a0
8.0.1
9.*
9.0.0
9.0.0.0b1
9.0.0.0b2
9.0.0.0b3
9.0.0.0rc1
9.0.0.0rc2
9.0.1
Other
essex-1
essex-2
essex-3
folsom-2
folsom-3
grizzly-1
grizzly-2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4428.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.0"
            }
        ]
    }
]