Cloudera HUE =< 3.9.0 is vulnerable to multiple stored XSS:
Username
, First name
and Last name
fields of a user profile. This can be triggered while logging in with the account.Group Name
field of group creation. This can be triggered when sharing an item.