Can not delete container with XSS-injected name
Bug #1469147 reported by Vlad Okhrimenko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | Fix Released | Wishlist | Kuo-tung Kao (jelly) |
Bug Description
Steps:
1. Login to Horizon Dashboard as admin user.
2. Navigate to Project -> Object Store -> Containers page.
3. Create Containers with names:
3.1 '';!--"<XSS>=&{()}
3.2 <IMG SRC="javascript
3.3 <IMG SRC=javascript:
4. Try to delete these containers --- they can't be removed
Changed in horizon:
assignee: nobody → jelly (coding1314)
Changed in horizon:
importance: Undecided → Wishlist
Changed in horizon:
status: New → In Progress
Changed in horizon:
milestone: none → liberty-2
status: Fix Committed → Fix Released
Changed in horizon:
milestone: liberty-2 → 8.0.0
I sent a patch for the bug: https://review.openstack.org/198281