Apache · Apache Ambari · CVE-2015-3186
**Name of the Vulnerable Software and Affected Versions**
Apache Ambari versions prior to 2.1.0
**Description**
A cross-site scripting (XSS) issue allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.
**Recommendations**
For versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue.