Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Remediation

References

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

http://www.securityfocus.com/bid/92577

Related Vulnerabilities

CVE-2017-16047 Vulnerability in npm package mysqljs

CVE-2022-36901 Vulnerability in maven package org.jenkins-ci.plugins:http_request

CVE-2023-24434 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-beam-sql

CVE-2022-42466 Vulnerability in maven package org.apache.isis.extensions:isis-extensions-fullcalendar-applib

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry