CVE-2016-8751
published 2017-06-14CVE-2016-8751: Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary…
medium4.8CVSS 3.0
AVNACLPRHUIRSCCLILAN
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ranger | < 0.6.3 | 0.6.3 |
| apache_software_foundation | apache_ranger | — | — |
| apache_software_foundation | apache_ranger | — | — |