CVE-2016-5737

Published: Jan 12, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

91352

vdb-entry

x_refsource_BID

[oss-security] 20160622 Re: CVE Request Openstack-infra puppet-gerrit module xss vulnerability

mailing-list

x_refsource_MLIST

https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de49685c88fdc8883ca8b

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-5737

Description

Affected Products

References