3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.7%
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
www.debian.org/security/2016/dsa-3617
www.openwall.com/lists/oss-security/2016/06/17/4
access.redhat.com/errata/RHSA-2016:1268
access.redhat.com/errata/RHSA-2016:1269
access.redhat.com/errata/RHSA-2016:1270
access.redhat.com/errata/RHSA-2016:1271
access.redhat.com/errata/RHSA-2016:1272
bugs.launchpad.net/horizon/+bug/1567673
review.openstack.org/329996
review.openstack.org/329997
review.openstack.org/329998
security.openstack.org/ossa/OSSA-2016-010.html
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.7%