Apache Ranger is vulnerable to stored cross-site scripting (XSS) attacks. When entering custom policy conditions, admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
CPE | Name | Operator | Version |
---|---|---|---|
common library for plugins | le | 0.6.2 |