Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
www.debian.org/security/2016/dsa-3617
www.openwall.com/lists/oss-security/2016/06/17/4
access.redhat.com/errata/RHSA-2016:1268
access.redhat.com/errata/RHSA-2016:1269
access.redhat.com/errata/RHSA-2016:1270
access.redhat.com/errata/RHSA-2016:1271
access.redhat.com/errata/RHSA-2016:1272
bugs.launchpad.net/horizon/+bug/1567673
review.openstack.org/329996
review.openstack.org/329997
review.openstack.org/329998
security.openstack.org/ossa/OSSA-2016-010.html