Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- trunk, 2.6.2, 2.7.4
Description
Problem Statement: Ambari Files view is vulnerable to an XSS attack if the filename of a file uploaded to HDFS contains XSS scripts.
Reproduction:
1) Log in to Files view.
2) Create a file on your local system with the following name and upload it to Files view: <svg onload= alert(document.domain)>
3) Try to delete the file or edit the permission of the file. The malicious XSS script will be executed in the browser. This is a security issue.
Please see attached screenshot
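The failure mode in the report, shown as an added example that is not Ambari's code: a confirmation dialog that concatenates the file name into markup, next to a version that HTML-encodes the name first, plus a small audit helper for directory listings. The dialog template and all function names are assumptions made for illustration, and the sample listing is constructed.

```javascript
// Added example, not Ambari's code: every function name here is hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode the characters that let text break out of an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: the HDFS file name is concatenated into dialog markup as-is.
function deleteDialogUnsafe(fileName) {
  return '<p>Delete <b>' + fileName + '</b> permanently?</p>';
}

// Hardened form: the name is encoded before it reaches the markup.
function deleteDialogSafe(fileName) {
  return '<p>Delete <b>' + escapeHtml(fileName) + '</b> permanently?</p>';
}

// Opening tag names found in a rendered string; a dialog built from the
// template above should contain only the template's own tags (p and b).
function tagsIn(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
}

// Audit helper: names in a directory listing that carry HTML metacharacters.
function flagSuspiciousNames(names) {
  return names.filter((name) => /[<>"'`&]/.test(name));
}

// Constructed sample listing; the second entry is the file name from the report.
const sampleListing = ['report.csv', '<svg onload= alert(document.domain)>', 'a&b.txt'];

console.log(tagsIn(deleteDialogUnsafe(sampleListing[1]))); // file name became a tag
console.log(tagsIn(deleteDialogSafe(sampleListing[1])));   // only template tags remain
console.log(flagSuspiciousNames(sampleListing));
```

Encoding at output covers every place the name is rendered (delete, permission edit, listings), which is why it belongs in the rendering path and not only in an upload filter.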