CVE-2016-5395
MEDIUMApache Ranger < 0.5.0 - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
Scores
CVSS v3
4.8
EPSS
0.0013
EPSS Percentile
32.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (7)
apache/ranger
< 0.5.0
apache/ranger
apache/ranger
apache/ranger
apache/ranger
org.apache.ranger/ranger
< 0.6.1Maven
n/a/n/a
Timeline
Published
Sep 26, 2016
Tracked Since
Feb 18, 2026