Antonenko Alexander created AMBARI-25329:
--------------------------------------------
Summary: Ambari breadcrumbs xss vulnerability
Key: AMBARI-25329
URL: https://issues.apache.org/jira/browse/AMBARI-25329
Project: Ambari
Issue Type: Task
Components: ambari-web
Affects Versions: 2.7.4
Reporter: Antonenko Alexander
Fix For: 2.7.4
Special characters should be encoded when displayed in Ambari Views.
If special characters are not encoded, then scripts
({{<script>alert("xss!")</script>}}) may be executed due to user input. For
example, issues may occur by placing special characters in the Display Name
field of an Ambari View.
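
The encoding requirement described in this issue, shown as an added example that is not Ambari's own code: a hypothetical breadcrumb renderer that inserts a View's Display Name into markup, first without and then with output encoding. The function names, crumb structure and sample hrefs are assumptions made for illustration.

```javascript
// Added example; hypothetical renderer, not taken from ambari-web.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: the user-supplied label is concatenated into markup unchanged,
// so any tags it contains become part of the page.
function renderBreadcrumbsUnsafe(crumbs) {
  return crumbs
    .map((c) => `<li><a href="${c.href}">${c.label}</a></li>`)
    .join('');
}

// After: every value is encoded at the point of output. The href is assumed
// to be generated by the application; encoding alone does not validate URL schemes.
function renderBreadcrumbsSafe(crumbs) {
  return crumbs
    .map((c) => `<li><a href="${escapeHtml(c.href)}">${escapeHtml(c.label)}</a></li>`)
    .join('');
}

// Constructed sample: the second label is the Display Name value quoted in the issue.
const sampleCrumbs = [
  { href: '#/views', label: 'Views' },
  { href: '#/views/instance-1', label: '<script>alert("xss!")</script>' },
];

console.log('unsafe:', renderBreadcrumbsUnsafe(sampleCrumbs));
console.log('safe:  ', renderBreadcrumbsSafe(sampleCrumbs));
```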