Skip to main content

Manila

2 CVEs product

Monthly

CVE-2020-9543 PyPI HIGH POC PATCH This Week

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Manila
NVD
CVSS 3.1
8.3
EPSS
1.2%
CVE-2016-6519 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Openstack Manila
NVD
CVSS 3.0
5.4
EPSS
0.3%
EPSS 1% CVSS 8.3
HIGH POC PATCH This Week

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Manila
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Openstack Manila
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy