MEDIUM🇬🇧 English

CVE-2016-4946

CVSS 6.1v3.0pub. 2017-03-07upd. 2026-05-13

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Cloudera Hue

    APP
    Cloudera
    ≤ 3.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-3884HIGH7.5ten sam produkt

Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows re...

CVE-2021-29994MEDIUM6.1ten sam produkt

Cloudera Hue 4.6.0 allows XSS.

CVE-2021-32481MEDIUM6.1ten sam produkt

Cloudera Hue 4.6.0 allows XSS via the type parameter.

CVE-2015-8094MEDIUM6.1ten sam produkt

Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitra...

CVE-2016-4947MEDIUM5.3ten sam produkt

Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api...