2 matches found
CVE-2018-15913
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be...
CVE-2018-15913
CVE-2018-15913 affects Cloudera Manager versions 5.x through 5.15.0. An unchecked returnUrl parameter on a wizard page can redirect to external sites or trigger malicious JavaScript-based XSS. The fix implemented was to disallow any returnUrl values that match patterns like http://, https://, //,...