The view for cloudwatch alarms is vulnerable to XSS

Netflix / asgard

[Asgard is deprecated at Netflix. We use Spinnaker ( www.spinnaker.io ).] Web interface for application deployments and cloud management in Amazon Web Services (AWS). Binary download: http://github.com/Netflix/asgard/releases

http://netflix.github.com/asgard

Apache License 2.0

2.24k stars 406 forks source link

The view for cloudwatch alarms is vulnerable to XSS #324

Open majun8cn opened 11 years ago

majun8cn commented 11 years ago

The view for cloudwatch alarms is vulnerable to XSS

When the name of cloudwatch alarm contains a XSS code, it is executed when the user visit the cloudwatch alarm view.

majun8cn commented 11 years ago

Same thing for the EC2 instance view