CVE-2016-6519

MEDIUM

Openstack Manila <2.5.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.

References (7)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2115.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2116.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2117.html

[Issue Tracking] https://bugs.launchpad.net/manila-ui/+bug/1597738

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1375147

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93001

[Mailing List] http://www.openwall.com/lists/oss-security/2016/09/15/7

Scores

CVSS v3 5.4

EPSS 0.0033

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (5)

redhat/openstack

openstack/manila < 2.5

pypi/manila-ui < 2.5.1PyPI

Timeline

Published Apr 21, 2017

Tracked Since Feb 18, 2026