12 matches found
GHSA-F2HP-QW27-8WFQ Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata
Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
EUVD-2026-21904
Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata
Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
CVE-2026-35565
Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
CVE-2026-35565
The CVE affects Apache Storm UI before 2.8.6. The Storm UI visualization component interpolates topology metadata (component IDs, stream names, grouping values) directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization, enabling stored XSS when an authenticated user wit...
CVE-2026-35565 Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI
Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
CVE-2026-35565 Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI
Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
PT-2026-32329
Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
EUVD-2019-0613
Malware in sbrugna...
GHSA-25PC-85QF-6J69 Deserialization of Untrusted Data in Apache Storm
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...
Security feature bypass
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...