MEDIUM
Openstack
CVE published 2017-01-12
CVE-2016-5737
CVE-2016-5737 is a cross-site scripting issue in OpenStack's puppet-gerrit configuration. The problem is that text/html is incorrectly marked as a safe mimetype, which can let a crafted review render as active HTML in a user's browser. The issue was publicly recorded by NVD on 2017-01-12, with a patch reference already available in the upstream commit and oss-security disclosure referenced by the CVE record.