Description
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | openstack-manila-ui | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-manila-ui | Fixed | RHSA-2016:2115 | 26.10.2016 |
| Red Hat OpenStack Platform 8.0 (Liberty) | openstack-manila-ui | Fixed | RHSA-2016:2116 | 26.10.2016 |
| Red Hat OpenStack Platform 9.0 (Mitaka) | openstack-manila-ui | Fixed | RHSA-2016:2117 | 26.10.2016 |
Additional information
Status:
CVSS3: 4.1 Medium
CVSS2: 3.5 Low
Related vulnerabilities
Openstack Manila Persistent XSS in Metadata field