CVE-2016-6519

MEDIUM

OpenStack Manila < 2.5.1 - Authenticated Stored Cross-Site Scripting via Metadata Field

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.

References (7)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2115.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2117.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2116.html
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/manila-ui/+bug/1597738
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93001
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/15/7
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1375147

Scores

CVSS v3 5.4
EPSS 0.0033
EPSS Percentile 55.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (5)
openstack/manila < 2.5
pypi/manila-ui 0 - 2.5.1 (PyPI)
redhat/openstack 7.0
redhat/openstack 8
redhat/openstack 9
Published Apr 21, 2017
Tracked Since Feb 18, 2026