Hi Paul, thanks for taking a look. I went through the templates above and I believe that this is the one containing the vulnerability: https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_stack_info.html#L14
The other ones look interesting as well but I do not believe they are vulnerable since they don't seem to take content from the user:
Contains the stack UUID, so not vulnerable https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_detail_topology.html#L7
I believe this too is a URL containing the UUID of a physical resource in a nested stack, so I don't believe that one is vulnerable either. https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_resource_overview.html#L15