Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Remediation

References

http://www.securityfocus.com/bid/92577

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Related Vulnerabilities

CVE-2021-32859 Vulnerability in maven package org.webjars.npm:github-com-baremetrics-calendar

CVE-2018-9207 Vulnerability in maven package org.webjars:jquery-file-upload

CVE-2016-5019 Vulnerability in maven package org.apache.myfaces.trinidad:trinidad-impl

CVE-2019-3875 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2020-7760 Vulnerability in maven package org.webjars.bowergithub.components:codemirror

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory