Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NCloudera Hue
APPCloudera≤ 3.9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2025-3884HIGH7.5ten sam produkt
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows re...
CVE-2021-29994MEDIUM6.1ten sam produkt
Cloudera Hue 4.6.0 allows XSS.
CVE-2021-32481MEDIUM6.1ten sam produkt
Cloudera Hue 4.6.0 allows XSS via the type parameter.
CVE-2015-8094MEDIUM6.1ten sam produkt
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitra...
CVE-2016-4947MEDIUM5.3ten sam produkt
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api...