python-django-horizon is vulnerable to cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image’s description), triggering the vulnerability when another user browsed the affected page. This flaw could result in user accounts being compromised (for example, user-access credentials being stolen).
www.debian.org/security/2016/dsa-3617
www.openwall.com/lists/oss-security/2016/06/17/4
access.redhat.com/errata/RHSA-2016:1268
access.redhat.com/errata/RHSA-2016:1269
access.redhat.com/errata/RHSA-2016:1270
access.redhat.com/errata/RHSA-2016:1271
access.redhat.com/errata/RHSA-2016:1272
access.redhat.com/security/cve/CVE-2016-4428
access.redhat.com/security/updates/classification/#important
bugs.launchpad.net/horizon/+bug/1567673
bugzilla.redhat.com/show_bug.cgi?id=1343982
review.openstack.org/329996
review.openstack.org/329997
review.openstack.org/329998
security.openstack.org/ossa/OSSA-2016-010.html