CVE-2016-4428

Priority
Medium
Description
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon)
8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users
to inject arbitrary web script or HTML by injecting an AngularJS template
in a dashboard form.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (3:12.0.0~rc2-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2014.1.5-0ubuntu2.1)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:9.1.2-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus):not-affected (3:11.0.3-0ubuntu1)
Patches:
Upstream:https://review.openstack.org/#/c/329998/ (master)
Upstream:https://review.openstack.org/#/c/329997/ (liberty)
Vendor:https://anonscm.debian.org/cgit/openstack/services/horizon.git/commit/?h=debian/icehouse (icehouse)
More Information

Updated: 2017-10-11 14:14:43 UTC (commit 13496)