This report seems very similar to https://security.openstack.org/ossa/OSSA-2014-023.html (CVE-2014-3474), which was fixed in Horizon's Juno release (2014.2) and backported to Icehouse (in 2014.1.2), and Havana (in 2013.2.4). Without a clear statement of which version the reporter found this in and no reproduction steps provided, I'm going to assume this is a duplicate of bug 1322197 and mark it as such. We can split the bugs again if the reporter or someone else comes along with more actionable information.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3474

** Changed in: ossa
   Status: Incomplete => Invalid

--
https://bugs.launchpad.net/bugs/1892848

Title:
  XSS in adding JavaScript into the ‘Subnet Name’ field

Status in OpenStack Dashboard (Horizon):
  Incomplete
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  While testing v3.10 for a client, I found that there was Persistent XSS. This was performed by creating a network and then entering javascript into the subnet name. The user would then have to attach the network interface with the javascript present to an instance. After this, when a user created a network bridge, the javascript would run. I only had one account when performing this test but believe it would run when other users were logged in using the same instance and network interface.

  -----------------------------------
  Release: 0.0.1.dev215 on 2020-06-16 21:33:43
  SHA: fbfe127c87f2e860efa7806eb9f6d6847d56ba07
  Source: https://opendev.org/openstack/ossa/src/doc/source/ossa/OSSA-2014-023.rst
  URL: https://security.openstack.org/ossa/OSSA-2014-023.html
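The defender-side fix for the class of bug described in the report is escaping the user-controlled subnet name for the exact output context it lands in, which differs between HTML element text and topology data embedded in a script block. The Python below is an added illustration, not code from Horizon or from the bug report; the subnet name, the `render_topology_fragment` helper and the JSON-escaping approach (modelled on Django's `json_script` filter) are assumptions made for the example.

```python
import html
import json

# Constructed test fixture standing in for the kind of user-supplied subnet
# name the report describes; it is not a value taken from the bug report.
CONSTRUCTED_SUBNET_NAME = 'mgmt-subnet <script>alert("subnet")</script>'

# JSON-level escapes that keep the payload valid JSON while making it
# impossible for the text to form an HTML tag or close a <script> block.
_JSON_ESCAPES = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def escape_for_html_text(name: str) -> str:
    """Escape a name for HTML element content or a quoted attribute."""
    return html.escape(name, quote=True)


def escape_for_inline_json(data: dict) -> str:
    """Serialise data for embedding inside <script>, where HTML autoescaping
    does not apply; a literal </script> in a name would otherwise end the block."""
    text = json.dumps(data)
    for ch, esc in _JSON_ESCAPES.items():
        text = text.replace(ch, esc)
    return text


def looks_like_markup(name: str) -> bool:
    """Cheap API-side detector for names that only make sense as markup.
    Useful as a logging hook; it is not a substitute for output escaping."""
    return "<" in name or ">" in name


def render_topology_fragment(subnets: list) -> str:
    """Render subnets as an HTML list plus JSON for client-side topology code,
    escaping each copy of the name for its own context (hypothetical helper)."""
    items = "".join(f"<li>{escape_for_html_text(s['name'])}</li>" for s in subnets)
    data = escape_for_inline_json({"subnets": subnets})
    return (
        f"<ul>{items}</ul>\n"
        f'<script id="topology-data" type="application/json">{data}</script>'
    )


def embedded_json_round_trips(fragment: str) -> bool:
    """Verify the escaped JSON still parses and preserves the raw name."""
    marker = 'type="application/json">'
    start = fragment.index(marker) + len(marker)
    end = fragment.index("</script>", start)
    parsed = json.loads(fragment[start:end])
    return parsed["subnets"][0]["name"] == CONSTRUCTED_SUBNET_NAME
```

Running `render_topology_fragment` on the constructed name yields exactly one `<script` tag (the data container) and a JSON payload that decodes back to the original name, which is the property a regression test for this bug class should assert.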