Lucene search
China National Vulnerability DatabaseCNVD-2024-17939HistoryApr 11, 2024 - 12:00 a.m.
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
2024-04-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
apache zeppelin
web-based
open source
laptop application
interactive data analysis
collaborative documentation
cross-site scripting
vulnerability
improper coding
escaping
helium.json
attack
regular user
Apache Zeppelin is a Web-based open source laptop application from the Apache (USA) Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a cross-site scripting vulnerability that stems from improper coding or escaping, which can be exploited by an attacker to modify helium.json and perform a cross-site scripting attack on a regular user.
Related
cvelist
cvelist
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
vulnrichment
vulnrichment
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
veracode
veracode
Cross-site Scripting (XSS)
2024-04-12 17:18:19
nvd
nvd
CVE-2024-31868
2024-04-09 16:15:08
osv
osv
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22
github
github
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22
cve
cve
CVE-2024-31868
2024-04-09 16:15:08