OSSA-2016-010: XSS in Horizon client side template

Date:June 15, 2016
CVE:CVE-2016-4428

Affects

  • Horizon: <=8.0.1, >=9.0.0 <=9.0.1

Description

Beth Lancaster and Brandon Sawyers from Virginia Tech reported a vulnerability in Horizon. By injecting Angularjs template in dashboard forms, such as image’s description, an authenticated user may trigger a cross-site-scripting vulnerability when another user browses the affected pages. It may result in potential assets theft like user access credentials. All Horizon setups are affected.

Credits

  • Beth Lancaster from Virginia Tech (CVE-2016-4428)
  • Brandon Sawyers from Virginia Tech (CVE-2016-4428)