** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1567673
Title:
[OSSA-2016-010] Possible client side template injection in horizon
(CVE-2016-4428)
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in OpenStack Security Advisory:
Fix Released
Bug description:
I'm working through my group's process to deploy a new web app so that
we can provide OpenStack in our production environment. Part of that
process is having an authenticated security scan done by Acunetix.
I've attached a screenshot of the report for the alert received during
the scan.
Unfortunately I'm not a dev, so I'm not sure if this is a false alarm
or not.
Quick research found the following link which talks about the issue in
general:
http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
Any input would be greatly appreciated.
Thanks!
Brandon