Lucene search
Veracode Vulnerability DatabaseVERACODE:3957HistoryApr 24, 2017 - 12:58 a.m.
Cross-site Scripting (XSS)
2017-04-2400:58:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
0.001 Low
EPSS
Percentile
47.5%
manila-ui is vulnerable to reflected cross-site scripting (XSS). The Create Share form takes user-supplied metadata and passes it to a call to mark_safe(). This allows remotely authenticated, but unprivileged users to insert JavaScript code.
References
rhn.redhat.com/errata/RHSA-2016-2115.html
rhn.redhat.com/errata/RHSA-2016-2116.html
rhn.redhat.com/errata/RHSA-2016-2117.html
seclists.org/oss-sec/2016/q3/515
www.openwall.com/lists/oss-security/2016/09/15/7
www.securityfocus.com/bid/93001
bugs.launchpad.net/manila-ui/+bug/1597738
bugzilla.redhat.com/show_bug.cgi?id=1375147
Related
ubuntucve
ubuntucve
CVE-2016-6519
2017-04-21 00:00:00
osv
osv
CVE-2016-6519
2017-04-21 15:59:00
redhat
redhat
(RHSA-2016:2116) Moderate: openstack-manila-ui security update
2016-10-26 14:12:09
(RHSA-2016:2117) Moderate: openstack-manila-ui security update
2016-10-26 14:12:12
(RHSA-2016:2115) Moderate: openstack-manila-ui security update
2016-10-26 14:12:06
github
github
Openstack Manila Persistent XSS in Metadata field
2022-05-13 01:07:29
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 09:13:58
debiancve
debiancve
CVE-2016-6519
2017-04-21 15:59:00
prion
prion
Cross site scripting
2017-04-21 15:59:00
cve
cve
CVE-2016-6519
2017-04-21 15:59:00
cvelist
cvelist
CVE-2016-6519
2017-04-21 15:00:00
nvd
nvd
CVE-2016-6519
2017-04-21 15:59:00