yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1407092] Re: cinder-api reflects JavaScript input

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Tristan Cacqueray <tdecacqu@xxxxxxxxxx>
Date: Mon, 26 Sep 2016 14:00:42 -0000
Reply-to: Bug 1407092 <1407092@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1407092

Title:
  cinder-api reflects JavaScript input

Status in Cinder:
  Won't Fix
Status in OpenStack Dashboard (Horizon):
  Invalid
Status in Mirantis OpenStack:
  Invalid
Status in Mirantis OpenStack 5.0.x series:
  Won't Fix
Status in Mirantis OpenStack 5.1.x series:
  Won't Fix
Status in Mirantis OpenStack 6.0.x series:
  Won't Fix
Status in Mirantis OpenStack 6.1.x series:
  Won't Fix
Status in Mirantis OpenStack 7.0.x series:
  Invalid
Status in Mirantis OpenStack 9.x series:
  Invalid
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  cinder-api reflects JavaScript input which could be used to perform
  Cross-Site-Scripting attack on a browser which is visiting Horizon
  interface and working with cinder related gui items

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1407092/+subscriptions