Cross-Site Scripting (XSS)
org.apache.zeppelin, zeppelin-web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to an incomplete blacklist of user input, which allows an attacker to inject malicious scripts and execute them in a victim’s browser...