Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Remediation

References

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

http://www.securityfocus.com/bid/92577

Related Vulnerabilities

CVE-2020-16022 Vulnerability in npm package electron

CVE-2021-25947 Vulnerability in npm package nestie

CVE-2009-2901 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2011-2204 Vulnerability in maven package tomcat:catalina

CVE-2023-35146 Vulnerability in maven package org.jenkins.plugin.templateworkflows:template-workflows

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry