
CVE-2017-7400: OpenStack Horizon Cross-site Scripting (XSS)

CVSS Score (v3.0): 4.8

Basic Information

EPSS Score: 0.44978%
Published: 5/14/2022
Updated: 5/14/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Package Name   Ecosystem   Vulnerable Versions      First Patched Version
horizon        pip         >= 9.0, < 9.1.2          9.1.2
horizon        pip         >= 10.0, < 10.0.3        10.0.3
horizon        pip         >= 11.0.0, < 11.0.1      11.0.1

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from improper sanitization in the federation mappings UI. Commit diffs show the removal of 'safestring.mark_safe()' in the get_rules_as_json function, which previously marked user-controlled JSON data as safe for HTML rendering. This lack of escaping enabled stored XSS when malicious rules were displayed. The direct correlation between the fix and the CWE-79 classification confirms this function's role in the vulnerability.
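To make the root cause concrete, the following is an added example (not Horizon's or Miggo's code) that reproduces the pattern in plain Python. `SafeString`, `mark_safe` and `render_variable` are minimal stand-ins modelled on Django's safestring marker and template autoescaping; the two `get_rules_as_json` variants are assumed shapes of the function before and after the fix, and the federation mapping rules are constructed sample data. The point it shows is that wrapping user-controlled JSON in `mark_safe()` tells the template engine to skip escaping, so any markup inside the mapping reaches the browser verbatim, while simply returning the JSON string lets autoescaping neutralise it without changing the data.

```python
import html
import json


class SafeString(str):
    """Stand-in for django.utils.safestring.SafeString: a str the renderer will NOT escape."""


def mark_safe(value: str) -> SafeString:
    """Stand-in for django.utils.safestring.mark_safe()."""
    return SafeString(value)


def render_variable(value) -> str:
    """Minimal model of Django template autoescaping: escape everything except SafeString."""
    if isinstance(value, SafeString):
        return str(value)
    return html.escape(str(value), quote=True)


def get_rules_as_json_vulnerable(rules) -> SafeString:
    """Assumed pre-fix shape: user-controlled rules marked safe, so autoescaping is bypassed."""
    return mark_safe(json.dumps(rules, indent=2))


def get_rules_as_json_fixed(rules) -> str:
    """Assumed post-fix shape: same JSON, no mark_safe(), so the template escapes it."""
    return json.dumps(rules, indent=2)


# Constructed federation mapping whose "remote" rule carries markup; an administrator
# (PR:H in the CVSS vector) stores it, and it is shown back in the mappings UI.
CONSTRUCTED_RULES = [
    {
        "local": [{"user": {"name": "{0}"}}],
        "remote": [
            {"type": "OIDC-email", "any_one_of": ["</pre><b>injected markup</b>"]}
        ],
    }
]


def contains_raw_markup(rendered: str) -> bool:
    """True if the rendered output still carries unescaped HTML tags from the rule data."""
    return "<b>" in rendered or "</pre>" in rendered


def render_before_fix(rules=CONSTRUCTED_RULES) -> str:
    return render_variable(get_rules_as_json_vulnerable(rules))


def render_after_fix(rules=CONSTRUCTED_RULES) -> str:
    return render_variable(get_rules_as_json_fixed(rules))


if __name__ == "__main__":
    print("before fix, raw markup present:", contains_raw_markup(render_before_fix()))
    print("after fix, raw markup present: ", contains_raw_markup(render_after_fix()))
    # The escaped output is still the same JSON once the browser decodes the entities.
    print("after fix round-trips to original JSON:",
          html.unescape(render_after_fix()) == json.dumps(CONSTRUCTED_RULES, indent=2))
```

A useful review check for this class of bug is to grep for `mark_safe(` and `|safe` and ask, for each hit, whether every byte of the marked value is developer-authored; here the value was a serialisation of operator-supplied mapping rules, so the marker had to go. Note that `json.dumps` does not escape `<` or `>`, which is why dropping `mark_safe()` and relying on the template's autoescaping is the right fix rather than trying to sanitise inside the JSON.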


WAF Protection Rules

WAF Rule

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
