Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1515355 - Text Injection possible
Summary: Text Injection possible
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: 5.8.4
Assignee: Martin Povolny
QA Contact: Vatsal Parekh
Whiteboard: ui:flash_msg
Depends On: 1475303
TreeView+ depends on / blocked
Reported: 2017-11-20 16:24 UTC by Satoe Imaishi
Modified: 2018-04-18 10:05 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1475303
Last Closed: 2018-04-18 10:05:05 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:

Attachments (Terms of Use)

Comment 2 CFME Bot 2017-11-20 16:38:23 UTC
New commit detected on ManageIQ/manageiq-ui-classic/fine:

commit da77dafa31e78d1d9f10b6f145d4f5167c850621
Author:     Milan Zázrivec <>
AuthorDate: Tue Oct 17 12:42:01 2017 +0200
Commit:     Satoe Imaishi <>
CommitDate: Mon Nov 20 11:36:40 2017 -0500

    Merge pull request #2412 from martinpovolny/redirect_flash_orchestration_stack
    OrchestrationStack template copy: use session, not URL to pass the fl…
    (cherry picked from commit 64451638e04dc909b5d31c4ff23c7710342bc3d5)

 app/controllers/orchestration_stack_controller.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

Comment 3 Vatsal Parekh 2017-12-15 10:05:45 UTC
Still seeing this at some places, like after ordering a Catalog.

Comment 5 Martin Povolny 2018-04-18 10:05:05 UTC
Here's the latest PR on this:

Changes are in too many places to put this into 5.8.x so closing this as won't fix.

This is going to be fixed in the next release (6.0), clone:

Note You need to log in before you can comment on or make changes to this bug.