Problem Statement : Ambari Files view is vulnerable to XSS attack, if the Filename of the file uploaded in HDFS contains XSS scripts.
1) login to files view
2) create a file called in your local system and upload it to files view: <svg onload= alert(document.domain)>
3) try to delete the file or edit permission of the file. the malciious XSS script will be executed in the Browser. this is a security Issue.
Please see attached screenshot