869 matches found
CVE-2017-3155
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting...
CVE-2017-3153
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality...
CVE-2017-3151
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality...
CVE-2017-3152
Apache Atlas is affected in versions 0.6.0-incubating and 0.7.0-incubating by a DOM-based XSS vulnerability in the edit-tag function. The CNVD entry describes an ability for a remote attacker to inject arbitrary web script or HTML, indicating browser-side script execution risk. The CVE entry conf...
CVE-2017-3150
Apache Atlas (v0.6.0-incubating and v0.7.0-incubating) is affected by an insecure cookie storage issue: cookies could be accessible to client-side scripts, exposing potentially sensitive data. This is documented across multiple sources (GHSA-WVMQ-W7M8-G9XM, OSV, CNVD, NVD entries). The CVE-2017-3...
CVE-2017-3153
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating are affected by a Reflected XSS vulnerability in the search functionality (CVE-2017-3153). The connected documents state the issue but do not provide root-cause details, exploit status, or remediation steps. No patch/version fix is speci...
CVE-2017-3152
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...
CVE-2016-8752
Apache Atlas versions 0.6.0 incubating, 0.7.0 incubating, and 0.7.1 incubating allow access to the webapp directory contents by pointing to URIs like /js and /img...
CVE-2017-3150
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...
CVE-2017-3151
Apache Atlas CVE-2017-3151 affects versions 0.6.0-incubating and 0.7.0-incubating, with a Stored Cross-Site Scripting flaw in the edit-tag functionality. Root cause details are not elaborated beyond the XSS issue; no exploit specifics are provided in the connected documents. The impact is implied...
CVE-2017-3155
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating are reported vulnerable to cross-site scripting (cross frame scripting). The connected documents confirm the affected product and vulnerability type but do not provide specific root-cause details, affected components, exploit information...
CVE-2017-3154
CVE-2017-3154 affects Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. The underlying issue is that error responses reveal a stack trace, leading to information exposure. The available documents describe the vulnerability as an information-disclosure flaw but do not provide details on...
CVE-2017-3154
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...
atlasrealtyinc.com XSS vulnerability
Vulnerable URL: http://www.atlasrealtyinc.com/%3Cimg%20src=x%20onerror=alert'openbugbounty'%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 05.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
tampabay.wateratlas.usf.edu XSS vulnerability
Vulnerable URL: http://www.tampabay.wateratlas.usf.edu/coastal/waterquality.asp?wbodyatlas=gulf=1/-///'/"//--...
Apache Atlas Information Disclosure Vulnerability
Apache Atlas is a set of scalable and extensible core functional governance services from the Apache USA Software Foundation. An information disclosure vulnerability exists in Apache Atlas versions 0.6.0, 0.7.0, and 0.7.1. An attacker could exploit the vulnerability to obtain sensitive informatio...
Directory Traversal
Apache Atlas is vulnerable to directory traversal attacks. The attacks can be triggered because it does not properly handle URI input from the users, allowing an unauthorized access to webapp directory by using direct URIs such as /js or /img...
Cross-Site Scripting (XSS)
atlas-dashboardv2 is vulnerable to reflected cross-site scripting XSS attacks. The search function does not sanitize the search queries that are passed to the application, allowing a malicious user to inject and execute arbitrary javascript...
Cross Frame Scripting
atlas-dashboardv2 is vulnerable to cross frame scripting. The library allows the use of external frames on the index page, allowing a malicious user to inject and execute arbitrary javascript via an iframe...
Information Disclosure
atlas-webapp is vulnerable to information disclosure. The library prints sensitive information in its stack trace error logs. A malicious user can then access sensitive information stored on these logs...