CVE-2015-3186

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
3.5LOW
EPSS
0.2%
top 61.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Ambari
Timeline
PublishedNov 2
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDapache/ambari2.0.2+3

🔴Vulnerability Details

2
GHSA
GHSA-29x2-2gr6-gm32: Cross-site scripting (XSS) vulnerability in Apache Ambari before 22022-05-17
CVEList
CVE-2015-3186: Cross-site scripting (XSS) vulnerability in Apache Ambari before 22015-11-02

💬Community

2
Bugzilla
CVE-2015-5210 CVE-2015-3186 CVE-2015-3270 CVE-2015-1775 Apache Ambari: multiple flaws fixed in 2.1.22015-10-19
Bugzilla
CVE-2015-3186 CVE-2015-3270 CVE-2015-5210 CVE-2015-1775 Apache Ambari: multiple flaws fixed in 2.1.2 [fedora-all]2015-10-19
CVE-2015-3186 (LOW CVSS 3.5) | Cross-site scripting (XSS) vulnerab | cvebase.io