CVE-2016-6519

Related Files

Red Hat Security Advisory 2016-2117-01

Posted Oct 26, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2117-01 - OpenStack's File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.

tags | advisory, remote, javascript, xss

systems | linux, redhat

advisories | CVE-2016-6519

SHA-256 | e3745470c67fadf948bd32c8e4a2199fc2b2887dc551d030c708eae080865c05

Download | Favorite | View

Red Hat Security Advisory 2016-2115-01

Posted Oct 26, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2115-01 - OpenStack's File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.

tags | advisory, remote, javascript, xss

systems | linux, redhat

advisories | CVE-2016-6519

SHA-256 | d404a42f76e49cbb35e2255dc2c142aa737b8716fe2629ad07586e19e27d0604

Download | Favorite | View

Red Hat Security Advisory 2016-2116-01

Posted Oct 26, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2116-01 - OpenStack's File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.

tags | advisory, remote, javascript, xss

systems | linux, redhat

advisories | CVE-2016-6519

SHA-256 | 31f6ebcd49229370b7f2900ffe40967c957825bf8faed803d57574a2a24010a2

Download | Favorite | View