Cross-Site Scripting Vulnerability in Cloudera Manager by Cloudera

CVE-2016-9271

What is CVE-2016-9271?

Cloudera Manager versions prior to 5.7.6, 5.8.4, and 5.9.1 are susceptible to a cross-site scripting (XSS) vulnerability through the help search feature. This security flaw may allow attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data theft. It is crucial for users of Cloudera Manager to upgrade to the latest versions to mitigate this security risk.

References