Medium severity6.1NVD Advisory· Published Jan 12, 2017· Updated Jun 17, 2026

CVE-2016-5737

Description

The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

OpenStack/puppet-gerrit2 versions
cpe:2.3:a:openstack:puppet-gerrit:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openstack:puppet-gerrit:-:*:*:*:*:*:*:*
- (no CPE)

Patches

Vulnerability mechanics

References

www.openwall.com/lists/oss-security/2016/06/22/2nvdIssue TrackingPatchThird Party Advisory
github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de49685c88fdc8883ca8bnvdIssue TrackingPatchThird Party Advisory
www.securityfocus.com/bid/91352nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000