ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Kerzner <>
Subject Ambari XSS vulnerability?
Date Mon, 01 Jun 2015 13:54:40 GMT
Hi, all,

I think we have found this vulnerability, and it belongs to Ambari.

To reproduce:

1. Edit Flume configuration in Ambari
2. When adding a note, input a simple XSS script
3. Observe a dialog popup, annoyingly, three times, and then again.

I have not found a way to clean it up as yet.

Thank you,

Mark Kerzner, Managing Partner, Elephant Scale <>
Mobile: 713-724-2534, Skype: mark.kerzner1
To schedule a meeting with me:

View raw message