CVE-2016-5395: XSS
First published: Mon Sep 26 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Ranger | <=0.5.0 | |
| Apache Ranger | =0.5.1 | |
| Apache Ranger | =0.5.2 | |
| Apache Ranger | =0.5.3 | |
| Apache Ranger | =0.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache ranger
- version/apache ranger/0.5.0
- version/apache ranger/0.5.1
- version/apache ranger/0.5.2
- version/apache ranger/0.5.3
- version/apache ranger/0.6.0