Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Remediation

References

http://www.securityfocus.com/bid/92577

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Related Vulnerabilities

CVE-2022-27340 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2023-47327 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2017-5651 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2022-25940 Vulnerability in maven package org.webjars.npm:lite-server

CVE-2023-2479 Vulnerability in npm package appium-desktop

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory