@Brandon Sawyer, is there an affiliation we could reference in the advisory ?
Proposed impact description draft #1:
Title: XSS in Horizon client side template
Reporter: Brandon Sawyers
Products: Horizon
Affects: <=8.0.0, >=8.0.0 <=8.0.1 and 9.0.0
Description:
Brandon Sawyer reported a vulnerability in Horizon. By injecting angularjs template in dashboard forms such as image's description, an authenticated user may trigger a cross-site-scripting vulnerability when another user browse the affected pages. It may result in potential assets theft like user access credentials. All Horizon setups are affected.
@Brandon Sawyer, is there an affiliation we could reference in the advisory ?
Proposed impact description draft #1:
Title: XSS in Horizon client side template
Reporter: Brandon Sawyers
Products: Horizon
Affects: <=8.0.0, >=8.0.0 <=8.0.1 and 9.0.0
Description: scripting vulnerability when another user browse the affected pages. It may result in potential assets theft like user access credentials. All Horizon setups are affected.
Brandon Sawyer reported a vulnerability in Horizon. By injecting angularjs template in dashboard forms such as image's description, an authenticated user may trigger a cross-site-