Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NCloudera Hue
APPCloudera≤ 3.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2025-3884HIGH7.5ten sam produkt
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows re...
CVE-2021-29994MEDIUM6.1ten sam produkt
Cloudera Hue 4.6.0 allows XSS.
CVE-2021-32481MEDIUM6.1ten sam produkt
Cloudera Hue 4.6.0 allows XSS via the type parameter.
CVE-2015-8094MEDIUM6.1ten sam produkt
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitra...
CVE-2016-4947MEDIUM5.3ten sam produkt
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api...