CVE-2016-4948
CVE-2016-4948 concerns multiple cross-site scripting (XSS) flaws in Cloudera Manager 5.5 and earlier. An attacker could inject arbitrary scripts via user-supplied input in (1) Template Name when renaming a template, (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, ...