Medium severity4.8NVD Advisory· Published Jun 14, 2017· Updated May 13, 2026

CVE-2016-8751

Description

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.ranger:rangerMaven	< 0.6.3	0.6.3

Affected products

Apache/Ranger
cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:*
Range: <0.6.3
Apache Software Foundation/Apache Rangerv5
Range: 0.5.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/99067nvdThird Party AdvisoryVDB EntryWEB
cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+RangernvdRelease NotesVendor AdvisoryWEB
github.com/advisories/GHSA-v7mf-qgxf-qmvfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2016-8751ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.312
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000