Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Remediation

References

http://www.securityfocus.com/bid/92577

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Related Vulnerabilities

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass

CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources

CVE-2019-10435 Vulnerability in maven package org.jenkins-ci.plugins:vault-scm-plugin

CVE-2023-3691 Vulnerability in npm package layui

CVE-2016-10608 Vulnerability in npm package robot-js

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory