CVE-2016-8751: XSS
First published: Wed Jun 14 2017(Updated: )
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Ranger | <0.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8751?
CVE-2016-8751 is categorized as a medium severity vulnerability due to its potential impact on security when exploited.
How do I fix CVE-2016-8751?
To fix CVE-2016-8751, upgrade Apache Ranger to version 0.6.3 or later to ensure the vulnerability is patched.
What type of attack does CVE-2016-8751 facilitate?
CVE-2016-8751 facilitates stored cross-site scripting (XSS) attacks by allowing arbitrary JavaScript code execution.
Who is affected by CVE-2016-8751?
Admin users of Apache Ranger who define custom policy conditions can unknowingly impact normal users through XSS when using versions prior to 0.6.3.
What versions of Apache Ranger are affected by CVE-2016-8751?
Versions of Apache Ranger prior to 0.6.3 are affected by CVE-2016-8751.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/apache
- canonical/apache ranger