Comment 16 for bug 1308727

Tristan Cacqueray (tristan-cacqueray) wrote : Re: XSS in Horizon Heat template - resource name

Many thanks fungi!

About affected versions, it is not confirmed indeed. Yet #1320235 seemed to be introduced by e410ee9ff, which dates back to Folsom.
So this is impact description #4:

Title: Multiple XSS vulnerabilities in Horizon
Reporter: Jason Hullinger (HP), Craig Lorentzen (Cisco), Michael Xin (Rackspace)
Products: Horizon
Versions: up to 2013.2.3, and 2014.1

Description:
Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and Michael Xin from Rackspace reported 3 cross-site scripting (XSS) vulnerabilities in Horizon. A malicious Orchestration template owner or catalog may conduct an XSS attack once a corrupted template is used in the Orchestration/Stack section of Horizon. A malicious Horizon user may store an XSS attack by creating a network with a corrupted name. A malicious Horizon administrator may store an XSS attack by creating a user with a corrupted email address. Once executed in a legitimate context these attacks may result in potential asset stealing (horizon user/admin access credentials, VMs/Network configuration/management, tenants' confidential information, etc.). All Horizon setups are affected.