Details
Description
Problem Statement : There is an Risk of potential Script execution if the description field is given malcisous XSS script . (details below)
Steps 1 : Log in and click HUE
Step 2. : Navigate to Document Tab -> click on New -> seect Hive Query
Step 3 : type some random query -> Click on Save - > on the popup give
name : Some Random Name
Description : ><<<script>prompt()
Step 4 : save the Document
Step 5 : On the left panel > navigate to Documents -> find the document just saved ->t> click on the icon the ℹ️ -> you will find the Script being executed.
attached