ID CVE-2016-5737
Type cve
Reporter NVD
Modified 2017-01-18T14:48:39
Description
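The Gerrit configuration in the OpenStack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe MIME type, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. Gerrit sends files whose MIME type is marked safe directly to the browser instead of wrapping them in a zip archive, so HTML content attached to a review is rendered by the browser in the Gerrit site's own origin. Operators can check the deployed gerrit.config for a `mimetype "text/html"` section with `safe = true`; the puppet-gerrit commit listed in the references appears to be the upstream fix.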
{"type": "cve", "published": "2017-01-12T18:59:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5737", "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "df811e638ed07856b13f37cb41b2fe58"}, {"key": "cvelist", "hash": "dbefb07a64c5cb2b4a070ef0e138b015"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "5cf3730223a930c4106474cf88cdb440"}, {"key": "href", "hash": "04693264e4222f120cc2a7a477e902e0"}, {"key": "modified", "hash": "83404ac528eebfaded230318ed9f6bd0"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "4334204d7c0118ddc77f9889d0d24d9b"}, {"key": "references", "hash": "452653e4be80a70d189190a5a63b76e2"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "e847996e9fa50d5d24f4df1c45183e6b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "bulletinFamily": "NVD", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "scanner": [], "viewCount": 3, "history": [], "edition": 1, "objectVersion": "1.2", "cpe": ["cpe:/a:openstack:puppet-gerrit:-"], "reporter": "NVD", "title": "CVE-2016-5737", "enchantments": {"score": {"vector": "NONE", "value": 4.3}, "dependencies": {"references": [], "modified": "2017-04-18T15:59:49"}, "vulnersScore": 4.3}, "references": ["http://www.openwall.com/lists/oss-security/2016/06/22/2", "https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de49685c88fdc8883ca8b", "http://www.securityfocus.com/bid/91352"], "assessment": {"system": "", "href": "", "name": ""}, "id": "CVE-2016-5737", "hash": "07371192295b1036cc456cd42887cfa42c16c4517d9921722a65791ae5a2cd84", "lastseen": "2017-04-18T15:59:49", "cvelist": ["CVE-2016-5737"], 
"modified": "2017-01-18T14:48:39", "description": "The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review."}
{}