python-django-horizon is vulnerable to cross-site scripting (XSS) attacks. In OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0, remote authenticated administrators can conduct XSS attacks via a crafted federation mapping.
access.redhat.com/errata/RHSA-2017:1598
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1408777
bugzilla.redhat.com/show_bug.cgi?id=1414997
bugzilla.redhat.com/show_bug.cgi?id=1427328
bugzilla.redhat.com/show_bug.cgi?id=1432036
bugzilla.redhat.com/show_bug.cgi?id=1432245
bugzilla.redhat.com/show_bug.cgi?id=1432289
bugzilla.redhat.com/show_bug.cgi?id=1454330