uima-ducc-web is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via multiple parameters due to the lack of output encoding.
CPE | Name | Operator | Version |
---|---|---|---|
uima-ducc-web | le | 2.2.2 | |
uima-ducc-web | le | 2.2.2 |