An XSS vulnerability was found in Django. Unsafe usage of JavaScript's ``Element.innerHTML`` could result in XSS in the admin's add/change related popup. ``Element.textContent`` is now used to prevent execution of the data. The debug view also used ``innerHTML``. Although a security issue wasn't identified there, out of an abundance of caution it's also updated to use ``textContent``.
Acknowledgements: Name: the upstream Django project
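An added example, not code from the Django project or from this bug report: a small Node.js check that flags ``innerHTML``-style sinks in JavaScript source so each one can be reviewed and, where the value is plain data, switched to ``textContent`` as the fix described above does. The sample source and the names in it (`dismissPopup`, `opt`, `box`) are constructed for illustration, and the comment stripping is a heuristic, not a JavaScript parser.

```javascript
// Added example: flag DOM sinks that parse a string as HTML.
// Covered: assignment to innerHTML/outerHTML and insertAdjacentHTML() calls.
const SINKS = [
  { name: 'innerHTML', re: /\.innerHTML\s*\+?=(?!=)/ },
  { name: 'outerHTML', re: /\.outerHTML\s*\+?=(?!=)/ },
  { name: 'insertAdjacentHTML', re: /\.insertAdjacentHTML\s*\(/ },
];

// Blank out comments while keeping line numbers stable.
// Heuristic: "//" directly after ":" is kept so URLs in strings survive.
function stripComments(source) {
  return source
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, ' '))
    .replace(/(^|[^:])\/\/.*$/gm, '$1');
}

// Return one finding per sink per line: { line, sink, code }.
function findHtmlSinks(source) {
  const findings = [];
  stripComments(source).split('\n').forEach((text, i) => {
    for (const { name, re } of SINKS) {
      if (re.test(text)) {
        findings.push({ line: i + 1, sink: name, code: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input (hypothetical popup handler, not Django's code).
const SAMPLE = [
  'function dismissPopup(win, newId, newRepr) {',
  '  var opt = document.getElementById(win.name);',
  '  // old: opt.innerHTML = newRepr;',
  '  opt.innerHTML = newRepr;            /* parsed as markup */',
  '  opt.textContent = newRepr;          // rendered as text',
  '  if (opt.innerHTML === "") { return; }',
  '  box.insertAdjacentHTML("beforeend", newRepr);',
  '}',
].join('\n');

for (const f of findHtmlSinks(SAMPLE)) {
  console.log(`line ${f.line}: ${f.sink} sink -> ${f.code}`);
}
```

Reads of ``innerHTML`` and comparisons against it are not flagged, only writes; each finding still needs a manual check of where the assigned value comes from.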
Created Django14 tracking bugs for this issue: Affects: epel-6 [bug 1357702]
Created python-django15 tracking bugs for this issue: Affects: epel-6 [bug 1357703]
Created python-django tracking bugs for this issue: Affects: fedora-all [bug 1357701] Affects: epel-7 [bug 1357704]
Created python-django-openstack-auth tracking bugs for this issue: Affects: openstack-rdo [bug 1357727]
Created python-django-horizon tracking bugs for this issue: Affects: openstack-rdo [bug 1357726]
This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 Operational Tools for RHEL 7 Via RHSA-2016:1594 https://rhn.redhat.com/errata/RHSA-2016-1594.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2016:1595 https://rhn.redhat.com/errata/RHSA-2016-1595.html
This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2016:1596 https://rhn.redhat.com/errata/RHSA-2016-1596.html