CVE-2016-5737

2017-01-12T23:59:00
ID CVE-2016-5737
Type cve
Reporter cve@mitre.org
Modified 2017-01-18T19:48:00

Description

The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.