![manchandavishal](/assets/img/avatar_default.png)
The "success_url" param is used when updating the project snapshot [1] and it lacks sanitizing the input URL that allows an attacker to redirect the user to another website. This patch update 'Updateview' class to not use the "sucess_url" method. Closes-bug: #1982676 [1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/snapshots/views.py#L109 Change-Id: Ied142440965b1a722e7a4dd1be3b1be3b3e1644b