
yahoo-eng-team team mailing list archive

[Bug 1851132] [NEW] Nova api Cross-Site Scripting Reflected

 

Public bug reported:

Description
===========
Using WebInspect to scan the Nova API, we get critical security vulnerabilities. Could you give us some advice? Thanks.

Expected result
===============
No Security Vulnerabilities

Actual result
=============
Critical
Cross-Site Scripting: Reflected
https://10.43.210.23:8774/v2.1/1423ea90d84442908ddd08ed8130da7f/servers/%3c%61%20%48%72%45%66%3d%56%62%53%63%52%69%50%74%3a%4d%73%67%42%6f%78%28%31%37%37%38%33%29%3e

** Affects: nova
     Importance: Undecided
         Status: New

** Description changed:

  Description
  ===========
- Using webinspect scan nova api, we get Critical Security Vulnerabilities.
+ Using webinspect scan nova api, we get Critical Security Vulnerabilities. Could give us some advices, thanks
  
  Expected result
  ===============
  No Security Vulnerabilities
  
  Actual result
  =============
  Critical
  Cross-Site Scripting: Reflected
  https://10.43.210.23:8774/v2.1/1423ea90d84442908ddd08ed8130da7f/servers/%3c%61%20%48%72%45%66%3d%56%62%53%63%52%69%50%74%3a%4d%73%67%42%6f%78%28%31%37%37%38%33%29%3e

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1851132

Title:
  Nova api Cross-Site Scripting Reflected

Status in OpenStack Compute (nova):
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1851132/+subscriptions
