OSSA-2014-027: Persistent XSS in Horizon Host Aggregates interface¶
August 19, 2014
Horizon: up to 2013.2.3, and 2014.1 versions up to 2014.1.2
Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum reported a persistent XSS in Horizon. A malicious administrator may conduct a persistent XSS attack by registering a malicious host aggregate in Horizon Host Aggregate interface. Once executed in a legitimate context this attack may reveal another admin token, potentially resulting in a lateral privilege escalation. All Horizon setups are affected.
Dennis Felsch from Ruhr-University Bochum (CVE-2014-3594)
Mario Heiderich from Ruhr-University Bochum (CVE-2014-3594)