Medium severity4.8NVD Advisory· Published Sep 26, 2016· Updated Jun 17, 2026
CVE-2016-5395
CVE-2016-5395
Description
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ranger:rangerMaven | < 0.6.1 | 0.6.1 |
Affected products
6Patches
Vulnerability mechanics
References
4- www.securityfocus.com/bid/92577nvdThird Party AdvisoryVDB EntryWEB
- cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+RangernvdVendor AdvisoryWEB
- github.com/advisories/GHSA-rf7q-xqm3-6923ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-5395ghsaADVISORY
News mentions
0No linked articles in our index yet.