CVE-2016-4946: XSS
First published: Tue Mar 07 2017(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudera Hue | <=3.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4946?
CVE-2016-4946 is classified as having a moderate severity level due to its potential for remote exploitation through cross-site scripting.
How do I fix CVE-2016-4946?
To fix CVE-2016-4946, upgrade Cloudera HUE to version 3.10.0 or newer where the XSS vulnerabilities have been addressed.
What are the attack vectors for CVE-2016-4946?
The attack vectors for CVE-2016-4946 include injecting arbitrary web script or HTML into the First name or Last name fields on the HUE Users page.
What impacts can CVE-2016-4946 have on affected systems?
CVE-2016-4946 can lead to session hijacking, user impersonation, or redirecting users to malicious sites due to successful XSS attacks.
Which versions of Cloudera HUE are affected by CVE-2016-4946?
CVE-2016-4946 affects all versions of Cloudera HUE prior to version 3.10.0, specifically up to and including 3.9.0.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/cloudera
- canonical/cloudera hue
- version/cloudera hue/3.9.0