CVE-2016-6519
openstack-manila-ui: persistent XSS in metadata field
Public Exploits: 0
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
The XSS vulnerability in the "Shares" overview in Openstack Manila in versions before 2.5.1 allows unauthenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
Timeline
- 2016-08-02 CVE Reserved
- 2016-10-26 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (8)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/09/15/7 | Mailing List | |
http://www.securityfocus.com/bid/93001 | Vdb Entry | |
https://bugs.launchpad.net/manila-ui/+bug/1597738 | X_refsource_confirm | |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-2115.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2016-2116.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2016-2117.html | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1375147 | 2016-10-26 | |
https://access.redhat.com/security/cve/CVE-2016-6519 | 2016-10-26 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Openstack | 7.0 | - | Affected |
Redhat | Openstack | 8 | - | Affected |
Redhat | Openstack | 9 | - | Affected |
Openstack | Manila | <= 2.5 | - | Affected |