CVE-2016-6519 — Openstack Manila Persistent XSS in Metadata field

Description

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.

How to fix CVE-2016-6519

To remediate CVE-2016-6519, upgrade the affected package to a fixed version below.

Debian/manila-ui—upgrade to 2.5.1-0 or later
—upgrade to 2.5.1 or later

Is CVE-2016-6519 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2.5.1-0
from 0, < 2.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (12)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-6519
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2016-6519
WEBrhn.redhat.com/errata/RHSA-2016-2115.html
WEBrhn.redhat.com/errata/RHSA-2016-2116.html
WEB