CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.

Date published : 2017-06-14

http://www.securityfocus.com/bid/99067

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger