A quick look at just the stacks dashboard shows:
This is probably the reported vulnerability:
https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_detail_topology.html#L7
This is likely to be a vulnerability: https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_resource_overview.html#L15
This looks user-controlled, so also a problem: https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_stack_info.html#L14
Obviously I'm not going to open a new ticket about these separate issues that weren't in the original report, but as you can see, there are some fundamental problems. I didn't examine the rest of Horizon; someone should do that.