Arbitrary Code Injection through AngularJS Template in OpenStack Dashboard (Horizon)

Arbitrary Code Injection through AngularJS Template in OpenStack Dashboard (Horizon)

CVE-2016-4428 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Learn more about our Web App Pen Testing.