Zurück zur CVE-Übersicht
CVE-2016-5737
MEDIUM(4.3)AV:N/AC:M/Au:N/C:N/I:P/A:N
Risk Signal Score11/100 — NIEDRIG
- CVSS 4.3 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4.3
Technische Schwere
Beschreibung
The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.
Referenzen
- http://www.openwall.com/lists/oss-security/2016/06/22/2
- http://www.securityfocus.com/bid/91352
- https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de496...
- http://www.openwall.com/lists/oss-security/2016/06/22/2
- http://www.securityfocus.com/bid/91352
- https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de496...