Apache Zeppelin is a Web-based open source laptop application from the Apache (USA) Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a cross-site scripting vulnerability that stems from improper coding or escaping, which can be exploited by an attacker to modify helium.json and perform a cross-site scripting attack on a regular user.