Cross-Site Scripting Vulnerability in OpenStack Dashboard by OpenStack
CVE-2016-4428

5.4MEDIUM

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
12 July 2016

Summary

An XSS vulnerability in OpenStack Dashboard (Horizon) allows remote authenticated users to inject arbitrary web scripts or HTML via AngularJS templates within dashboard forms. This flaw could lead to unauthorized access or data manipulation, compromising the integrity of the affected application.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.