← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1892848] Re: XSS in adding JavaScript into the ‘Subnet Name’ field

 

Actually, when starting to mark this as a duplicate, I noticed that
there was another report set as a duplicate of this one in Private
Security state. Because it was set as a duplicate it didn't show up in
our usual queries and so we missed switching it to Public Security when
its embargo was set to expire in January.

Vishal: can you have a quick look at bug 1900872 and see if the
screenshot examples there provide sufficient context to reproduce the
behavior and/or identify potentially affected versions?

** Changed in: ossa
       Status: Invalid => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1892848

Title:
  XSS in adding JavaScript into the ‘Subnet Name’ field

Status in OpenStack Dashboard (Horizon):
  Incomplete
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  While testing v3.10 for a client, I found that there was Persistent
  XSS.

  This was performed by creating a network and then entering javascript
  into the subnet name. The user would then have to attach the network
  interface with the javascript present to an instance. After this when
  a user created a network bridge then the javascript would run.

  I only had one account when performing this test but believe it would
  run when other users where logged in using the same instance and
  network interface.

  -----------------------------------
  Release: 0.0.1.dev215 on 2020-06-16 21:33:43
  SHA: fbfe127c87f2e860efa7806eb9f6d6847d56ba07
  Source: https://opendev.org/openstack/ossa/src/doc/source/ossa/OSSA-2014-023.rst
  URL: https://security.openstack.org/ossa/OSSA-2014-023.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1892848/+subscriptions