Comment 6 for bug 1308727

Jason Hullinger (jason-hullinger) wrote: Re: XSS in Horizon Heat template - resource name

Hi Paul, thanks for taking a look. I went through the templates above and I believe that this is the one containing the vulnerability: https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_stack_info.html#L14

The other ones look interesting as well but I do not believe they are vulnerable since they don't seem to take content from the user:

Contains the stack UUID, so not vulnerable:
https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_detail_topology.html#L7

I believe this too is a URL containing the UUID of a physical resource in a nested stack, so I don't believe that one is vulnerable either.
https://github.com/openstack/horizon/blob/56addb790a40da1feae360f3f413dc1f539ed01a/openstack_dashboard/dashboards/project/stacks/templates/stacks/_resource_overview.html#L15