Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Remediation

References

http://www.securityfocus.com/bid/92577

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Related Vulnerabilities

CVE-2015-1832 Vulnerability in maven package org.apache.derby:derby

CVE-2022-36881 Vulnerability in maven package org.jenkins-ci.plugins:git-client

CVE-2022-37767 Vulnerability in maven package io.pebbletemplates:pebble

CVE-2017-1000498 Vulnerability in maven package com.caverock:androidsvg

CVE-2020-15500 Vulnerability in maven package org.webjars.npm:tileserver-gl

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory