CVE-2016-5395

MEDIUM4.8EPSS 0.13%

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Published: 10/17/2018Modified: 11/8/2023

Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Affected packages (1)

Maven/org.apache.ranger:rangerfrom 0, < 0.6.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.8	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYhttps://github.com/advisories/GHSA-rf7q-xqm3-6923
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-5395
WEBhttps://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
WEBhttp://www.securityfocus.com/bid/92577