CVE-2015-3186
Apache Ambari < 2.1.0 - Authenticated Stored Cross-Site Scripting via Configuration Note Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/13/1
Vendor Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities
Scores
EPSS
0.0017
EPSS Percentile
37.9%
Details
CWE
CWE-79
Status
published
Products (4)
apache/ambari
1.7.0
apache/ambari
2.0.0
apache/ambari
2.0.1
apache/ambari
< 2.0.2
Published
Nov 02, 2015
Tracked Since
Feb 18, 2026