{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"Shares\" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the \"Create Share\" form."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:37", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "RHSA-2016:2115", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2115.html"}, {"name": "RHSA-2016:2117", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2117.html"}, {"name": "RHSA-2016:2116", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2116.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/manila-ui/+bug/1597738"}, {"name": "93001", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93001"}, {"name": "[oss-security] 20160915 CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2016-6519", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the \"Shares\" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the \"Create Share\" form."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2016:2115", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2115.html"}, {"name": "RHSA-2016:2117", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2117.html"}, {"name": "RHSA-2016:2116", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2116.html"}, {"name": "https://bugs.launchpad.net/manila-ui/+bug/1597738", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/manila-ui/+bug/1597738"}, {"name": "93001", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93001"}, {"name": "[oss-security] 20160915 CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/15/7"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:20.320Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2016:2115", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2115.html"}, {"name": "RHSA-2016:2117", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2117.html"}, {"name": "RHSA-2016:2116", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2116.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/manila-ui/+bug/1597738"}, {"name": "93001", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93001"}, {"name": "[oss-security] 20160915 CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-6519", "datePublished": "2017-04-21T15:00:00", "dateReserved": "2016-08-02T00:00:00", "dateUpdated": "2024-08-06T01:29:20.320Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F6A85FE-13AF-495E-A434-87ED5AA65C80", "versionEndIncluding": "2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"Shares\" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the \"Create Share\" form."}, {"lang": "es", "value": "La vulnerabilidad XSS en la vista general de los \"Shares\" en Openstack Manila en versiones anteriores a 2.5.1 permite a usuarios no autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo Metadata en el formulario \"Create Share\"."}], "id": "CVE-2016-6519", "lastModified": "2024-11-21T02:56:16.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-21T15:59:00.537", "references": [{"source": "security@opentext.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2115.html"}, {"source": "security@opentext.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2116.html"}, {"source": "security@opentext.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2117.html"}, {"source": "security@opentext.com", "url": "http://www.openwall.com/lists/oss-security/2016/09/15/7"}, {"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/93001"}, {"source": "security@opentext.com", "url": "https://bugs.launchpad.net/manila-ui/+bug/1597738"}, {"source": "security@opentext.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2115.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2116.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2117.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/09/15/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/manila-ui/+bug/1597738"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank SUSE for reporting this issue. Upstream acknowledges Niklaus Schiess as the original reporter.", "affected_release": [{"advisory": "RHSA-2016:2115", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "openstack-manila-ui-0:1.0.1-3.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2016-10-26T00:00:00Z"}, {"advisory": "RHSA-2016:2116", "cpe": "cpe:/a:redhat:openstack:8::el7", "package": "openstack-manila-ui-0:1.2.0-2.el7ost", "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date": "2016-10-26T00:00:00Z"}, {"advisory": "RHSA-2016:2117", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "openstack-manila-ui-0:2.1.0-2.el7ost", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2016-10-26T00:00:00Z"}], "bugzilla": {"description": "openstack-manila-ui: persistent XSS in metadata field", "id": "1375147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in the \"Shares\" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the \"Create Share\" form.", "A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its \"Create Share\" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the \"Shares\" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges."], "name": "CVE-2016-6519", "package_state": [{"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "openstack-manila-ui", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}], "public_date": "2016-09-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6519\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6519"], "threat_severity": "Moderate"}