CVE-2014-125070: Fix XSS issue with the unordered_list filter · yanheven/console@ba908ae

A vulnerability classified as problematic has been found in yanheven console. It affects the function get_zone_hosts/AvailabilityZonesTable in the file openstack_dashboard/dashboards/admin/aggregates/tables.py. Manipulation leads to cross-site scripting, and the attack can be launched remotely. The patch is named ba908ae88d5925f4f6783eb234cc4ea95017472b, and applying it is recommended to fix this issue. The associated identifier of this vulnerability is VDB-217651.

@@ -93,18 +93,22 @@ def get_zone_hosts(zone): return host_details

def safe_unordered_list(value): return filters.unordered_list(value, autoescape=True)

class HostAggregatesTable(tables.DataTable): name = tables.Column('name’, verbose_name=_(‘Name’)) availability_zone = tables.Column('availability_zone’, verbose_name=_(‘Availability Zone’)) hosts = tables.Column(get_aggregate_hosts, verbose_name=_(“Hosts”), wrap_list=True, filters=(filters.unordered_list,)) filters=(safe_unordered_list,)) metadata = tables.Column(get_metadata, verbose_name=_(“Metadata”), wrap_list=True, filters=(filters.unordered_list,)) filters=(safe_unordered_list,))
class Meta: name = “host_aggregates” @@ -123,7 +127,7 @@ class AvailabilityZonesTable(tables.DataTable): hosts = tables.Column(get_zone_hosts, verbose_name=_(‘Hosts’), wrap_list=True, filters=(filters.unordered_list,)) filters=(safe_unordered_list,)) available = tables.Column(get_available, verbose_name=_(‘Available’), status=True,
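
Review bot: `safe_unordered_list`, added above `HostAggregatesTable` in the first hunk, has no docstring or comment explaining why `autoescape=True` must be passed explicitly, so a later cleanup could switch the `hosts` and `metadata` columns back to `filters.unordered_list` without noticing that the escaping goes with it. Add a short docstring stating that the function is handed to the column as a plain callable and that host names and metadata values must be HTML-escaped in the rendered list. The `safe_` prefix is also easy to misread in Django code, where "safe" usually marks output as exempt from escaping; a name such as `escaped_unordered_list` would say what the wrapper does.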
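
Review bot: no regression test accompanies the switch of the `hosts` column in `AvailabilityZonesTable` (second hunk) to `safe_unordered_list`; add one that renders the table with a host name containing markup such as `<b>` and asserts that the output contains `&lt;b&gt;`. Because the wrapper is defined only in this module, any other table that passes `filters.unordered_list` in `filters=` gets no protection from this change, so consider moving the helper to shared code and checking the remaining call sites.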
