openstack-manila-ui: cross-site scripting
| Package(s): | openstack-manila-ui |
CVE #(s): | CVE-2016-6519
|
| Created: | October 27, 2016 |
Updated: | November 2, 2016 |
| Description: |
From the Red Hat advisory:
A cross-site scripting flaw was discovered in openstack-manila-ui's
Metadata field contained in its "Create Share" form. A user could inject
malicious HTML/JavaScript code that would then be reflected in the "Shares"
overview. Remote, authenticated, but unprivileged users could exploit this
vulnerability to steal session cookies and escalate their privileges.
(CVE-2016-6519) |
| Alerts: |
|
