CVE-2016-6519: XSS
First published: Mon Sep 12 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
Credit: meissner@suse.de security@opentext.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Openstack | =7.0 | |
| Redhat Openstack | =8 | |
| Redhat Openstack | =9 | |
| OpenStack Manila | <=2.5 | |
| pip/manila-ui | <2.5.1 | 2.5.1 |
| =7.0 | ||
| =8 | ||
| =9 | ||
| <=2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/openstack/manila-ui/blob/d5fe23e4ba30846acdd09fa1dc61a415016a7e26/manila_ui/dashboards/project/shares/shares/tabs.py#L49
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1200138
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1200138&action=edit
- https://access.redhat.com/security/cve/CVE-2016-6519
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1376642
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1376643
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1376644
- https://rhn.redhat.com/errata/RHSA-2016-2117.html
- https://rhn.redhat.com/errata/RHSA-2016-2116.html
- https://rhn.redhat.com/errata/RHSA-2016-2115.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1375147
- http://rhn.redhat.com/errata/RHSA-2016-2115.html
- http://rhn.redhat.com/errata/RHSA-2016-2116.html
- http://rhn.redhat.com/errata/RHSA-2016-2117.html
- http://www.openwall.com/lists/oss-security/2016/09/15/7
- http://www.securityfocus.com/bid/93001
- https://bugs.launchpad.net/manila-ui/+bug/1597738
- https://nvd.nist.gov/vuln/detail/CVE-2016-6519
- https://github.com/openstack/manila-ui/commit/009913d725bee34cef0bd62e47a298025ace2696
- https://github.com/openstack/manila-ui/commit/89593686ef18f2bd06223b92071b4be2362a5abd
- https://github.com/openstack/manila-ui/commit/fca19a1b0d42536644212c5d673fbd6866e67c43
- https://github.com/advisories/GHSA-vq76-5ghr-9p4v (Advisory)
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-vq76-5ghr-9p4v
- alias/CVE-2016-6519
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/author
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat openstack
- version/redhat openstack/7.0
- version/redhat openstack/8
- version/redhat openstack/9
- vendor/openstack
- canonical/openstack manila
- version/openstack manila/2.5
- package-manager/pip