CVE-2016-4428

medium

Published 2016-07-12 · Modified 2024-05-19

CVSS v3

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2

3.5

VIR risk

5.4

Description

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability

Exploit likelihood

64%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-4428

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://security.openstack.org/ossa/OSSA-2016-010.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://review.openstack.org/329998

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://review.openstack.org/329997

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://review.openstack.org/329996

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2016/06/17/4

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-4428.html

OS	Version	Status	Fixed in
sles		affected
debian	bookworm	fixed	`3:9.0.1-2`
debian	bullseye	fixed	`3:9.0.1-2`
debian	forky	fixed	`3:9.0.1-2`
debian	sid	fixed	`3:9.0.1-2`
debian	trixie	fixed	`3:9.0.1-2`
debian	8.0	affected
debian	9.0	affected
rhel	6.0	not-affected
rhel	7.0	not-affected

Ecosystem	Package	Vulnerable	Fixed
PyPI	horizon	`<8.0.2`	`8.0.2`
PyPI	horizon	`>=9.0.0,<9.1.0`	`9.1.0`

Vendor	Product	Versions
openstack	horizon	`{"startIncluding":"8.0.0","endIncluding":"8.0.1"}`
openstack	horizon	`9.0.0`
openstack	horizon	`9.0.1`
redhat	openstack	`6.0`
redhat	openstack	`7.0`
redhat	openstack	`8`
redhat	openstack	`5.0`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.