This vulnerability relates to the user’s browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user’s browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.
[
{
"product": "Apache UIMA DUCC",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache UIMA DUCC releases including and prior to 2.2.2"
}
]
}
]