Bug #6149
Updated by Dominic Cleal almost 10 years ago
*EMBARGOED until further notice*
The host YAML view (preview of YAML data for Puppet) is vulnerable to cross-site scripting attacks, when data relating to the host (such as parameters) contains HTML content.
1. Edit a host, add a parameter with HTML as its name or value
2. View the host, click the YAML button