** Changed in: ossa
   Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1247675

Title:
  [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon
  (CVE-2013-6858)

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Dashboard (Horizon) grizzly series:
  Fix Committed
Status in OpenStack Dashboard (Horizon) havana series:
  Fix Committed
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA512

  Hello,

  My name is Chris Chapman, I am an Incident Manager with Cisco PSIRT.
  I would like to report the following XSS issue found in the OpenStack
  WebUI that was reported to Cisco. The details are as follows:

  The OpenStack web user interface is vulnerable to XSS: while launching
  (or editing) an instance, injecting <script> tags in the instance name
  results in the JavaScript being executed on the "Volumes" and the
  "Network Topology" page. This is a classic Stored XSS vulnerability.

  Recommendations:
  - Sanitize the "Instance Name" string to prevent XSS.
  - Sanitize all user input to prevent XSS.
  - Consider utilizing Content Security Policy (CSP). This can be used to
    prevent inline JavaScript from executing and only load JavaScript
    files from approved domains. This would prevent XSS, even in
    scenarios where user input is not properly sanitized.

  Please include PSIRT-2070334443 in the subject line for all
  communications on this issue with Cisco going forward. If you can also
  include any case number that this issue is assigned, that will help us
  track the issue.

  Thank you,
  Chris

  Chris Chapman | Incident Manager
  Cisco Product Security Incident Response Team - PSIRT
  Security Research and Operations
  Office: (949) 823-3167 | Direct: (562) 208-0043
  Email: chchcha...@cisco.com
  SIO: http://www.cisco.com/security
  PGP: 0x959B3169

  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
  Comment: GPGTools - http://gpgtools.org
  Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

  iQEcBAEBCgAGBQJSc8QQAAoJEPMPZe6VmzFpLw8H/1h2ZhqKJs6nxZDGnDpn3N2t
  6S6vwx3UYZGG5O1TTx1wrZkkHxckAg8GzMBJa6HFXPs1Zr0o9nhuLfvdKfShQFUA
  HqWMPOFPKid2LML2FMOGAWAdQAG6YTMknZ9d8JTvHI2BhluOsjxlOa0TBNr/Gm+Z
  iwAOBmAgJqU2nWx1iomiGhUpwX2oaQuqDyaosycpVtv0gQAtYsEf7zYdRNod7kB5
  6CGEXJ8J161Bd04dta99onFAB1swroOpOgUopUoONK4nHDxot/MojnvusDmWe2Fs
  usVLh7d6hB3eDyWpVFhbKwSW+Bkmku1Tl0asCgm1Uy9DkrY23UGZuIqKhFs5A8U=
  =gycf
  -----END PGP SIGNATURE-----

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1247675/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
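The two defences the report recommends, escaping the instance name at output time and serving a Content Security Policy that forbids inline script, as an added Python example. It is not part of the bug report, the advisory or Horizon's own code: Horizon is a Django application, and the standard-library html.escape here stands in for Django's template escaping. The instance records, the function names and the CSP value are constructed for illustration. The example goes one step beyond the report by also covering the JSON-in-script context, since a page such as Network Topology receives instance data as JSON embedded in a script block, where HTML escaping alone is the wrong tool.

```python
import html
import json

# Constructed sample: one ordinary name and one that carries markup, as the
# report describes an attacker-controlled instance name would.
SAMPLE_INSTANCES = [
    {"id": "inst-1", "name": "web-01"},
    {"id": "inst-2", "name": "<script>x</script>"},
]


def render_instance_cell(instance_name):
    """Render the instance name into an HTML table cell (Volumes page style).

    html.escape (hypothetical stand-in for Django autoescape) converts < > & " '
    to entities, so the browser shows the name as text and never parses it as
    markup.
    """
    return "<td>{}</td>".format(html.escape(instance_name, quote=True))


def render_topology_json(instances):
    """Serialize instance data for embedding inside a <script> block.

    json.dumps leaves '<' intact, so a name containing '</script>' would close
    the script element and let the remainder run as markup. Re-encoding < > &
    as \\uXXXX escapes keeps the JSON valid (json.loads still yields the
    original strings) while making the payload inert inside HTML.
    """
    raw = json.dumps(instances)
    return raw.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def topology_json_round_trips(instances):
    """Check that the escaped JSON still decodes to exactly the input data."""
    return json.loads(render_topology_json(instances)) == instances


def csp_header_value(script_sources=("'self'",)):
    """Build a Content-Security-Policy value (constructed example policy).

    Leaving out 'unsafe-inline' means an injected inline <script> is not
    executed even where output escaping was missed, and script-src limits
    external scripts to the listed origins.
    """
    return "default-src 'self'; script-src {}; object-src 'none'".format(
        " ".join(script_sources)
    )


if __name__ == "__main__":
    for inst in SAMPLE_INSTANCES:
        print(render_instance_cell(inst["name"]))
    print(render_topology_json(SAMPLE_INSTANCES))
    print("Content-Security-Policy:", csp_header_value())
```

The detail worth keeping in mind is that escaping is context-specific: the same instance name needs HTML entity escaping in a table cell but \u-escaping in a JSON literal, and CSP is the backstop for whichever context a template author forgets.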