Common Vulnerabilities and Exposures
- CVE-2016-5395: Apache Ranger Stored Cross Site Scripting vulnerability
  - Severity: Moderate
  - Vendor: Hortonworks
  - Versions Affected: All HDP 2.3/2.4 versions including Apache Ranger versions 0.5.x
  - Users Affected: All users of the Ranger policy admin tool.
  - Impact: Apache Ranger was found to be vulnerable to stored cross-site scripting in the create user functionality. Admin users can store arbitrary JavaScript code that is executed when normal users log in and access policies. See RANGER-1124.
  - Fix detail: Added logic to sanitize the user input.
  - Recommended Action: Users should upgrade to HDP 2.5+ (with Apache Ranger 0.6.1+).

