OSSA-2016-010: XSS in Horizon client side template
June 15, 2016
Horizon: <=8.0.1, >=9.0.0 <=9.0.1
Beth Lancaster and Brandon Sawyers from Virginia Tech reported a vulnerability in Horizon. By injecting an AngularJS template into dashboard form fields, such as an image’s description, an authenticated user may trigger a cross-site scripting vulnerability when another user browses the affected pages. This may result in theft of assets such as user access credentials. All Horizon setups are affected.
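The following added example (not Horizon's code and not the project's fix) shows why HTML escaping alone leaves an AngularJS expression intact in a stored field, and how an audit over stored values can flag it. It assumes AngularJS's default `{{ }}` delimiters; the helper names and sample records are hypothetical and constructed for illustration.

```javascript
// Added example: helper names and sample records are constructed for illustration.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML escaping as a server-side template engine applies it to user text.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Matches an interpolation expression, assuming AngularJS's default {{ }} delimiters.
const NG_EXPR = /\{\{[\s\S]*?\}\}/;
function hasNgExpression(s) {
  return NG_EXPR.test(s);
}

// Report fields whose value still carries an expression after HTML escaping.
function auditRecords(records, fields) {
  const findings = [];
  for (const rec of records) {
    for (const field of fields) {
      const rendered = escapeHtml(String(rec[field] ?? ''));
      if (hasNgExpression(rendered)) findings.push({ id: rec.id, field, rendered });
    }
  }
  return findings;
}

// ng-non-bindable tells AngularJS not to compile the element's contents.
function renderInert(value) {
  return `<span ng-non-bindable>${escapeHtml(value)}</span>`;
}

// Constructed records standing in for image metadata shown in a dashboard.
const sampleImages = [
  { id: 'img-1', name: 'cirros', description: 'Minimal test image' },
  { id: 'img-2', name: 'probe', description: 'built on {{7*7}} nodes' },
  { id: 'img-3', name: 'web <b>tier</b>', description: 'uses {braces} only' },
];

const findings = auditRecords(sampleImages, ['name', 'description']);
console.log(findings);
console.log(renderInert(sampleImages[1].description));
```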
Beth Lancaster from Virginia Tech (CVE-2016-4428)
Brandon Sawyers from Virginia Tech (CVE-2016-4428)