ambari-user mailing list archives

From Mark Kerzner <m...@elephantscale.com>
Subject Ambari XSS vulnerability?
Date Mon, 01 Jun 2015 13:54:40 GMT
Hi, all,

I think we have found this vulnerability, and it belongs to Ambari.

To reproduce:

1. Edit Flume configuration in Ambari
2. When adding a note, input a simple XSS script
3. Observe a dialog popup, annoyingly, three times, and then again.

I have not found a way to clean it up as yet.

Thank you,
Mark

-- 
Mark Kerzner, Managing Partner, Elephant Scale <http://elephantscale.com/>
Mobile: 713-724-2534, Skype: mark.kerzner1
https://www.linkedin.com/in/markkerzner
To schedule a meeting with me: http://www.meetme.so/markkerzner
