Skip to main content

Hue

6 CVEs product

Monthly

CVE-2025-3884 HIGH This Month

Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Hue
NVD
CVSS 3.0
7.5
EPSS
9.8%
CVE-2021-32481 MEDIUM This Month

Cloudera Hue 4.6.0 allows XSS via the type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29994 MEDIUM This Month

Cloudera Hue 4.6.0 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-11649 MEDIUM POC This Month

Hue 3.12 has XSS via the /pig/save/ name and script parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hue
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-4947 npm MEDIUM This Month

Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hue
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-4946 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 10% CVSS 7.5
HIGH This Month

Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Hue
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cloudera Hue 4.6.0 allows XSS via the type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cloudera Hue 4.6.0 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Hue 3.12 has XSS via the /pig/save/ name and script parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hue
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hue
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy