Oops, sorry about that. I also fixed a couple of typos, here is impact description draft #3:
Title: XSS in Horizon client side template
Reporter: Beth Lancaster and Brandon Sawyers (Virginia Tech)
Products: Horizon
Affects: <=8.0.0, 8.0.1 and 9.0.0
Description:
Beth Lancaster and Brandon Sawyers from Virginia Tech reported a vulnerability in Horizon. By injecting an AngularJS template in dashboard forms, such as an image's description, an authenticated user may trigger a cross-site scripting vulnerability when another user browses the affected pages. It may result in potential asset theft, like user access credentials. All Horizon setups are affected.
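To illustrate the class of issue the draft describes, here is an added example (not part of the comment above and not Horizon's code or its fix) of two defensive measures for user-supplied text on an AngularJS-compiled page: rendering it inside `ng-non-bindable`, and auditing stored records for interpolation markers. It assumes the default `{{ }}` delimiters; the function names and sample records are hypothetical.

```javascript
// Added example (not Horizon code): names and sample records are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// HTML-escape the value, then wrap it in ng-non-bindable so AngularJS does not
// compile "{{ ... }}" inside it. HTML escaping alone leaves the braces intact,
// so the text would still be treated as a template without the wrapper.
function renderUntrusted(text) {
  return '<span ng-non-bindable>' + escapeHtml(text) + '</span>';
}

// True when the string holds an opening delimiter followed by a closing one.
function hasInterpolation(value, start = '{{', end = '}}') {
  if (typeof value !== 'string') return false;
  const open = value.indexOf(start);
  return open !== -1 && value.indexOf(end, open + start.length) !== -1;
}

// Walk a record (nested objects and arrays) and return the paths of string
// fields that contain interpolation markers, for review of stored data.
function findTemplateMarkers(node, path = '') {
  if (typeof node === 'string') return hasInterpolation(node) ? [path] : [];
  if (node === null || typeof node !== 'object') return [];
  return Object.entries(node).flatMap(([key, child]) =>
    findTemplateMarkers(child, path ? path + '.' + key : key));
}

// Constructed sample records; "{{ 1 + 1 }}" is a harmless marker.
const sampleImages = [
  { name: 'cirros', description: 'Test image' },
  { name: 'probe', description: 'built {{ 1 + 1 }} times', properties: { note: '<b>x</b>' } },
];
```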