The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-12T23:00:00
Updated: 2024-08-06T01:07:59.919Z
Reserved: 2016-06-22T00:00:00
Link: CVE-2016-5737
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-01-12T23:59:00.463
Modified: 2024-11-21T02:54:55.670
Link: CVE-2016-5737
Redhat
No data.