CVE-2016-6519
published 2017-04-21CVE-2016-6519: Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | manila-ui | < manila-ui 2.5.1-0 (bookworm) | manila-ui 2.5.1-0 (bookworm) |
| openstack | manila | <= 2.5 | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv5.4MEDIUM