15 results (0.027 seconds)

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS por medio del parámetro path • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. Se detectó un problema en Cloudera Manager versiones 5.x anteriores a 5.16.2, versiones 6.0.x anteriores a 6.0.2 y versiones 6.1.x anteriores a 6.1.1. Las consultas impala maliciosas pueden resultar en un ataque de tipo Cross Site Scripting (XSS) cuando se visualizan dentro de este producto. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_sky_fq1_cjb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0

Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. Cloudera Manager versiones 5.7.x anteriores a 5.7.6, versiones 5.8.x anteriores a 5.8.4 y versiones 5.9.x anteriores a 5.9.1, permite un ataque de tipo XSS en la funcionalidad help search. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users. Cloudera Manager versiones 5.8.x anteriores a 5.8.5, versiones 5.9.x anteriores a 5.9.2 y versiones 5.10.x anteriores a 5.10.1, permite a un usuario de solo lectura de Cloudera Manager descubrir los nombres de usuario de otros usuarios y elevar los privilegios de esos usuarios. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb • CWE-269: Improper Privilege Management •