CVE-2016-4946
Published on: 03/07/2017 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:58 PM UTC
Certain versions of Hue from Cloudera contain the following vulnerability:
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
- CVE-2016-4946 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.1 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Third Party Advisory 2016.hack.lu application/pdf |
![]() | |
Cloudera HUE CVE-2016-4946 HTML Injection Vulnerability | cve.report (archive) text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cloudera | Hue | All | All | All | All |
- cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE