1 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. La configuración de Gerrit en el módulo Openstack Puppet para Gerrit (también conocido como puppet-gerrit) marca indebidamente text/html como un mimetype seguro, lo que podrían permitir a atacantes remotos llevar a cabo ataques XSS a través de una revisión manipulada. • http://www.openwall.com/lists/oss-security/2016/06/22/2 http://www.securityfocus.com/bid/91352 https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de49685c88fdc8883ca8b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •