Lucene search
Veracode Vulnerability DatabaseVERACODE:12203HistoryJan 15, 2019 - 9:13 a.m.
Cross-site Scripting (XSS)
2019-01-1509:13:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
0.001 Low
EPSS
Percentile
47.5%
manila-ui is vulnerable to reflected cross-site scripting (XSS). The Create Share form takes user-supplied metadata and passes it to a call to mark_safe(). This allows remotely authenticated, but unprivileged users to insert JavaScript code.
References
rhn.redhat.com/errata/RHSA-2016-2115.html
rhn.redhat.com/errata/RHSA-2016-2116.html
rhn.redhat.com/errata/RHSA-2016-2117.html
www.openwall.com/lists/oss-security/2016/09/15/7
www.securityfocus.com/bid/93001
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/manila-ui/+bug/1597738
bugzilla.redhat.com/show_bug.cgi?id=1375147
rhn.redhat.com/errata/RHSA-2016-2115.html
Related
cvelist
cvelist
CVE-2016-6519
2017-04-21 15:00:00
nvd
nvd
CVE-2016-6519
2017-04-21 15:59:00
redhat
redhat
(RHSA-2016:2116) Moderate: openstack-manila-ui security update
2016-10-26 14:12:09
(RHSA-2016:2117) Moderate: openstack-manila-ui security update
2016-10-26 14:12:12
(RHSA-2016:2115) Moderate: openstack-manila-ui security update
2016-10-26 14:12:06
github
github
Openstack Manila Persistent XSS in Metadata field
2022-05-13 01:07:29
ubuntucve
ubuntucve
CVE-2016-6519
2017-04-21 00:00:00
osv
osv
CVE-2016-6519
2017-04-21 15:59:00
debiancve
debiancve
CVE-2016-6519
2017-04-21 15:59:00
prion
prion
Cross site scripting
2017-04-21 15:59:00
cve
cve
CVE-2016-6519
2017-04-21 15:59:00
veracode
veracode
Cross-site Scripting (XSS)
2017-04-24 00:58:29