Comment 21 for bug 1567673
Revision history for this message
| Travis McPeak (travis-mcpeak) wrote Re: Possible client side template injection in horizon | #21 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
If an attacker is able to inject code that is only rendered for themselves (as the PoC showed) then we shouldn't be too worried and we can fix in public. If there are other exploit vectors where an attacker can inject templates that are rendered for others then it's a more serious issue.
Is this a new issue or something we'll have to backport?