Comment 0 for bug 1892848

James Hill (jhill88) wrote : Persistent XSS found in the horizon dashboard v3.10

While testing v3.10 for a client, I found that there was Persistent XSS.

This was performed by creating a network and then entering JavaScript into the subnet name. The user would then have to attach the network interface with the JavaScript present to an instance. After this, when a user created a network bridge, the JavaScript would run.

I only had one account when performing this test but believe it would run when other users were logged in using the same instance and network interface.

-----------------------------------
Release: 0.0.1.dev215 on 2020-06-16 21:33:43
SHA: fbfe127c87f2e860efa7806eb9f6d6847d56ba07
Source: https://opendev.org/openstack/ossa/src/doc/source/ossa/OSSA-2014-023.rst
URL: https://security.openstack.org/ossa/OSSA-2014-023.html
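
A defensive check for the condition this report describes, as an added example that is not part of the original report and is not Horizon's code: it audits subnet names for HTML-active characters and renders a name as inert text. The record shape, the sample values and the function names `audit_subnet_names` and `render_cell` are assumptions made for illustration.

```python
import html
import re

# Constructed sample of subnet records (hypothetical shape: only "id" and
# "name" are used; every value here is made up for this example).
SAMPLE_SUBNETS = [
    {"id": "subnet-0001", "name": "private-subnet"},
    {"id": "subnet-0002", "name": "<script>alert(1)</script>"},
    {"id": "subnet-0003", "name": "db tier & cache"},
    {"id": "subnet-0004", "name": '" onmouseover="alert(1)'},
    {"id": "subnet-0005", "name": None},
]

# Characters that change meaning when a name is placed into HTML text
# or into a quoted HTML attribute.
HTML_ACTIVE = re.compile(r"[<>\"'&`]")


def audit_subnet_names(subnets):
    """Return (id, name, offending_chars) for names holding HTML-active characters."""
    findings = []
    for subnet in subnets:
        name = subnet.get("name") or ""  # unnamed subnets are treated as empty
        hits = sorted(set(HTML_ACTIVE.findall(name)))
        if hits:
            findings.append((subnet["id"], name, hits))
    return findings


def render_cell(name):
    """Render a user-supplied name as inert text inside a table cell."""
    # quote=True also encodes " and ', so the value is safe in attributes too.
    return "<td>{}</td>".format(html.escape(name or "", quote=True))


if __name__ == "__main__":
    for subnet_id, name, chars in audit_subnet_names(SAMPLE_SUBNETS):
        print(subnet_id, chars, "->", render_cell(name))
```

A flagged name is not necessarily malicious (`db tier & cache` is legitimate), so the audit is a review list, while escaping at render time is the control that keeps any stored name from executing.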