CVE-2016-6519Cross-site Scripting in Manila

CWE-79Cross-site Scripting11 documents7 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 44.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openstack ManilaRedhat Openstack
Timeline
PublishedApr 21
Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDredhat/openstack7.0, 8, 9+2

🔴Vulnerability Details

4
GHSA
Openstack Manila Persistent XSS in Metadata field2022-05-13
OSV
Openstack Manila Persistent XSS in Metadata field2022-05-13
CVEList
CVE-2016-6519: Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 22017-04-21
OSV
CVE-2016-6519: Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 22017-04-21

📋Vendor Advisories

2
Red Hat
openstack-manila-ui: persistent XSS in metadata field2016-09-15
Debian
CVE-2016-6519: manila-ui - Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack M...2016

💬Community

4
Bugzilla
CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field [fedora-all]2016-09-16
Bugzilla
CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field [openstack-rdo]2016-09-16
Bugzilla
CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field [fedora-23]2016-09-16
Bugzilla
CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field2016-09-12
CVE-2016-6519 — Cross-site Scripting in Manila | cvebase