Can not delete container with XSS-injected name
Bug #1469147 reported by
Vlad Okhrimenko
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Dashboard (Horizon) |
Fix Released
|
Wishlist
|
Kuo-tung Kao (jelly) | ||
Bug Description
Steps:
1. Login to Horizon Dashboard as admin user.
2. Navigate to Project -> Object Store -> Containers page.
3. Create Containers with names:
3.1 '';!--"<XSS>=&{()}
3.2 <IMG SRC="javascript
3.3 <IMG SRC=javascript:
4. Try to delete these containers --- they can't be removed
| Changed in horizon: | |
| assignee: | nobody → jelly (coding1314) |
| Changed in horizon: | |
| importance: | Undecided → Wishlist |
| Changed in horizon: | |
| status: | New → In Progress |
Revision history for this message
| Kuo-tung Kao (jelly) (coding1314) wrote | #1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to horizon (master) | #2 |
| Changed in horizon: | |
| status: | In Progress → Fix Committed |
| Changed in horizon: | |
| milestone: | none → liberty-2 |
| status: | Fix Committed → Fix Released |
| Changed in horizon: | |
| milestone: | liberty-2 → 8.0.0 |
To post a comment you must log in.
I send a patch for the bug.
https:/