Comment 3 for bug 1349491
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Persistent XSS in the Host Aggregates interface | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
@Julie Thanks for the quick patch and severity analysis!
Here is the impact description draft #1:
Title: Persistent XSS in Horizon Host Aggregates interface
Reporters: Dennis Felsch and Mario Heiderich (Ruhr-University Bochum)
Products: Horizon
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1
Description:
Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum reported a persistent XSS in Horizon. A malicious administrator may conduct a persistent XSS attack by registering a malicious host aggregate in Horizon Host Aggregate interface. Once executed in a legitimate context these attacks may result in potential asset stealing (horizon user/admin access credentials, VMs/Network configuration/