CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 2
Author: Shafeeque Olassery Kunnikkal | Category: Cross Site Scripting, CVE-2018-5798, Cyber Security

Below are the details of the reflected XSS I have found in Cloudera Enterprise. More details can be found here: https://www.cloudera.com/documentation/other/securitybulletins/topics/Security-Bulletin.html#DOCS-3186
Log in to Cloudera Manager using the credentials admin:admin
1. Navigate to the following URL, which includes the XSS payload.
2. Navigate to the following URL in the browser after logging in to Cloudera Manager; use these credentials for login: admin:admin
You will see the XSS payload executed, as shown in the image below.
