Openstack · Openstack Dashboard · CVE-2016-4428
**Name of the Vulnerable Software and Affected Versions**
OpenStack Dashboard (Horizon) versions 8.0.1 and earlier
OpenStack Dashboard (Horizon) versions 9.0.0 through 9.0.1
**Description**
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
**Recommendations**
For OpenStack Dashboard (Horizon) versions 8.0.1 and earlier, update to a version later than 8.0.1.
For OpenStack Dashboard (Horizon) versions 9.0.0 through 9.0.1, update to a version later than 9.0.1.