07 Mar 2017
CVE-2016-4948 - CVE Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Vavle) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Vavle) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Vavle) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. (CVSS:0.0) (Last Update:2017-03-07)
Vulnerability Details : Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Vavle) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Vavle) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Vavle) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. Publish Date : 2017-03-07 Last Update Date : 2017-03-07 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2016-4948
- References For CVE-2016-4948
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2016-4948There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |