Medium severity5.4NVD Advisory· Published Jul 12, 2016· Updated Jun 17, 2026
CVE-2016-4428
CVE-2016-4428
Description
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
horizonPyPI | < 8.0.2 | 8.0.2 |
horizonPyPI | >= 9.0.0, < 9.1.0 | 9.1.0 |
Affected products
34- ghsa-coords25 versionspkg:pypi/horizonpkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/python-networking-cisco&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/python-openstackclient&distro=SUSE%20OpenStack%20Cloud%206
< 8.0.2+ 24 more
- (no CPE)range: < 8.0.2
- (no CPE)range: < 5.0.4~a0~dev6-6.1
- (no CPE)range: < 5.0.4~a0~dev6-6.2
- (no CPE)range: < 7.0.3~a0~dev2-7.1
- (no CPE)range: < 7.0.3~a0~dev2-7.1
- (no CPE)range: < 8.0.2~a0~dev34-8.1
- (no CPE)range: < 11.0.2~a0~dev13-7.1
- (no CPE)range: < 11.0.2~a0~dev13-7.1
- (no CPE)range: < 5.0.2~a0~dev93-9.1
- (no CPE)range: < 5.0.2~a0~dev93-9.3
- (no CPE)range: < 8.1.1~a0~dev13-3.1
- (no CPE)range: < 8.1.1~a0~dev13-3.2
- (no CPE)range: < 1.0.2~a0~dev11-9.1
- (no CPE)range: < 1.0.2~a0~dev11-9.2
- (no CPE)range: < 7.1.2~a0~dev29-10.1
- (no CPE)range: < 7.1.2~a0~dev29-10.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 12.0.5~a0~dev2-7.1
- (no CPE)range: < 12.0.5~a0~dev2-7.1
- (no CPE)range: < 1.0+git.1467079370.4f2c49d-7.1
- (no CPE)range: < 2.1.1-6.1
- (no CPE)range: < 1.7.2-4.1
Patches
Vulnerability mechanics
References
19- www.openwall.com/lists/oss-security/2016/06/17/4nvdMailing ListPatchThird Party AdvisoryWEB
- review.openstack.org/329996nvdPatchVendor AdvisoryWEB
- review.openstack.org/329997nvdPatchVendor AdvisoryWEB
- review.openstack.org/329998nvdPatchVendor AdvisoryWEB
- security.openstack.org/ossa/OSSA-2016-010.htmlnvdPatchVendor AdvisoryWEB
- www.debian.org/security/2016/dsa-3617nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1268nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1269nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1270nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1271nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1272nvdThird Party AdvisoryWEB
- bugs.launchpad.net/horizon/+bug/1567673nvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-grm6-x6mr-q3cvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-4428ghsaADVISORY
- access.redhat.com/security/cve/CVE-2016-4428ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/openstack/horizon/commit/62b4e6f30a7ae7961805abdffdb3c7ae5c2b676aghsaWEB
- github.com/openstack/horizon/commit/d585e5eb9acf92d10d39b6c2038917a7e8ac71bbghsaWEB
- github.com/openstack/horizon/commit/fc8d70560401f3985e5672a4c580f10d51e985a4ghsaWEB
News mentions
0No linked articles in our index yet.