312 matches found
CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
CVE-2016-4428
OpenStack Horizon (Dashboard) is affected by an XSS vulnerability (CVE-2016-4428) present in Horizon 8.0.1 and earlier and 9.0.0–9.0.1. The issue arises from injecting an AngularJS template into a dashboard form, allowing a remote authenticated user to inject arbitrary script/HTML. Impact reporte...
CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
PT-2016-5954 · Openstack +1 · Openstack Dashboard +1
Name of the Vulnerable Software and Affected Versions: OpenStack Dashboard Horizon versions 8.0.1 and earlier OpenStack Dashboard Horizon versions 9.0.0 through 9.0.1 Description: A cross-site scripting XSS issue allows remote authenticated users to inject arbitrary web script or HTML by injectin...
Important: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
python-django-horizon: XSS in client side template
A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...
Important: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
python-django-horizon: XSS in client side template
A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...
Important: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: python-django-horizon security and bug fix update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
python-django-horizon: XSS in client side template
A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...
CVE-2016-4428
A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description, triggering...
drchrono: Stored XSS via AngularJS Injection
Hi All, I've found a stored XSS vulnerability via an Angular Template Injection in the messages referral address field. Description After visiting https://1337test.drchrono.com/messages/referrals/contacts/, you can enter new contact information. In the field for the address, if enter 55, when the...
Arbitrary Script Injection
Overview Affected versions of this package are vulnerable to Arbitrary Script Injection. Attributes were not protected via $sce, which prevents interpolated values that fail the RESOURCEURL context tests from being used in interpolation. For example if the application is running at...
drchrono: Angular injection in the profile name of onpatient
Hi All, You have an angular injection vulnerability in the profile name fields on the onpatient site. If you add a value 55 in the first name or last name field, the expression will be evaluated and when the page is rendered, the first and last name will be 25. Here I'm entering the values F96238...
Cross-site Scripting (XSS)
Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting XSS. due to the usemap attribute not being blacklisted. Remediation Upgrade angularjs to version 1.5.0 or higher. References - GitHub ChangeLog - GitHub Commit - GitHub PR Credit: Lucas Mirelmann...
Cross-site Scripting (XSS)
Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting XSS. This error occurs when $sanitize sanitizer tries to check the input for possible mXSS payload and the verification errors due to the input mutating indefinitely. This could be a sign that the...
Clickjacking
Overview Affected versions of this package are vulnerable to Clickjacking. By enabling the SVG setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized SVG elements could be positioned outside of the containing element and...
Python Network Recon Framework: ivre
IVRE Instrument de veille sur les réseaux extérieurs or DRUNK Dynamic Recon of UNKnown networks is a network recon framework, including two modules for passive recon one p0f -based and one Bro -based and one module for active recon mostly Nmap -based, with a bit of ZMap . External programs /...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution via unsafe svg animation tags. Details Exploit Example: html Here the anchor's href is animated, starting from a value that's a javascript URI. This allows execution of arbitrary javascript in the process...