================================================== OSSA-2016-010: XSS in Horizon client side template ================================================== :Date: June 15, 2016 :CVE: CVE-2016-4428 Affects ~~~~~~~ - Horizon: <=8.0.1, >=9.0.0 <=9.0.1 Description ~~~~~~~~~~~ Beth Lancaster and Brandon Sawyers from Virginia Tech reported a vulnerability in Horizon. By injecting Angularjs template in dashboard forms, such as image's description, an authenticated user may trigger a cross-site-scripting vulnerability when another user browses the affected pages. It may result in potential assets theft like user access credentials. All Horizon setups are affected. Patches ~~~~~~~ - https://review.openstack.org/329997 (Liberty) - https://review.openstack.org/329996 (Mitaka) - https://review.openstack.org/329998 (Newton) Credits ~~~~~~~ - Beth Lancaster from Virginia Tech (CVE-2016-4428) - Brandon Sawyers from Virginia Tech (CVE-2016-4428) References ~~~~~~~~~~ - https://bugs.launchpad.net/bugs/1567673 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428 -- Tristan Cacqueray OpenStack Vulnerability Management Team