Comment 14 for bug 1308727
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: XSS in Horizon Heat template - resource name | #14 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Here is the combined impact description #3 for #1308727, #1322197 and #1320235:
Title: Multiple XSS vulnerabilities in Horizon
Reporter: Jason Hullinger (HP), Craig Lorentzen (Cisco), Michael Xin
(Rackspace)
Products: Horizon
Versions: 2013.2 to 2013.2.3, and 2014.1
Description:
Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and
Michael Xin from Rackspace reported 3 XSS vulnerabilities in Horizon. A
malicious Orchestration templates owner/catalog may conduct an XSS once
a corrupted template is used in the Orchestration/Stack section of
Horizon. A malicious Horizon user may store an XSS by creating a network
with a corrupted name. A malicious Horizon administrator may store an
XSS by creating a user with a corrupted email address. Once executed in
a legitimate context those XSS may result in potential assets stealing
(horizon user/admin access credentials, VMs/Network
configuration/
Horizon setups are affected.