MEDIUM 5.4
PYSEC-2026-662
Openstack Manila Persistent XSS in Metadata field
상세
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2016-6519 [ADVISORY]
- https://github.com/openstack/manila-ui/commit/009913d725bee34cef0bd62e47a298025ace2696 [WEB]
- https://github.com/openstack/manila-ui/commit/89593686ef18f2bd06223b92071b4be2362a5abd [WEB]
- https://github.com/openstack/manila-ui/commit/fca19a1b0d42536644212c5d673fbd6866e67c43 [WEB]
- https://bugs.launchpad.net/manila-ui/+bug/1597738 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=1375147 [WEB]
- http://rhn.redhat.com/errata/RHSA-2016-2115.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2016-2116.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2016-2117.html [WEB]
- http://www.openwall.com/lists/oss-security/2016/09/15/7 [WEB]
- http://www.securityfocus.com/bid/93001 [WEB]
- https://pypi.org/project/manila-ui [PACKAGE]
- https://github.com/advisories/GHSA-vq76-5ghr-9p4v [ADVISORY]