CVE-2016-5395

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-5395

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5395.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-5395

Aliases

GHSA-rf7q-xqm3-6923

Withdrawn

2024-05-15T05:32:18.022561Z

Published

2016-09-26T14:59:04Z

Modified

2023-11-29T05:34:55.592799Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

References

Affected packages

Git / github.com/apache/ranger

Affected ranges

Type: GIT
Repo: https://github.com/apache/ranger
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4b6b641008feca7834d5f2a97cd954aa31065298

Last affected

7e3252f305f6e50a2622f302461b44ff5fc4d62f

Affected versions

ranger-0.*

ranger-0.4.0-rc0

ranger-0.5.0-rc1

ranger-0.5.0-rc2

ranger-0.5.0-rc3

ranger-0.5.1-rc0

ranger-0.5.1-rc1

ranger-0.5.1-rc2

ranger-0.5.2-rc1

ranger-0.6.0-rc1