Lucene search
RedHatRHSA-2016:2117HistoryOct 26, 2016 - 2:12 p.m.
(RHSA-2016:2117) Moderate: openstack-manila-ui security update
2016-10-2614:12:12
access.redhat.com
12
0.001 Low
EPSS
Percentile
47.5%
OpenStack’s File Share Service (manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service.
Security Fix(es):
- A cross-site scripting flaw was discovered in openstack-manila-ui’s Metadata field contained in its “Create Share” form. A user could inject malicious HTML/JavaScript code that would then be reflected in the “Shares” overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. (CVE-2016-6519)
Red Hat would like to thank SUSE for reporting this issue. SUSE acknowledges Niklaus Schiess as the original reporter.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | noarch | openstack-manila-ui | < 2.1.0-2.el7ost | openstack-manila-ui-2.1.0-2.el7ost.noarch.rpm |
Related
ubuntucve
ubuntucve
CVE-2016-6519
2017-04-21 00:00:00
osv
osv
CVE-2016-6519
2017-04-21 15:59:00
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 09:13:58
Cross-site Scripting (XSS)
2017-04-24 00:58:29
redhat
redhat
(RHSA-2016:2116) Moderate: openstack-manila-ui security update
2016-10-26 14:12:09
(RHSA-2016:2115) Moderate: openstack-manila-ui security update
2016-10-26 14:12:06
github
github
Openstack Manila Persistent XSS in Metadata field
2022-05-13 01:07:29
debiancve
debiancve
CVE-2016-6519
2017-04-21 15:59:00
prion
prion
Cross site scripting
2017-04-21 15:59:00
cve
cve
CVE-2016-6519
2017-04-21 15:59:00
cvelist
cvelist
CVE-2016-6519
2017-04-21 15:00:00
nvd
nvd
CVE-2016-6519
2017-04-21 15:59:00