Lucene search
Veracode Vulnerability DatabaseVERACODE:31997HistorySep 08, 2021 - 8:42 a.m.
Cross-site Scripting (XSS)
2021-09-0808:42:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.006 Low
EPSS
Percentile
78.9%
org.apache.zeppelin is vulnerable to cross-site scripting. An attacker is able to exploit the vulnerability by injecting malicious scripts via the addValueToLine function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zeppelin: neo4j interpreter | le | 0.9.0-preview2 | |
| zeppelin: neo4j interpreter | le | 0.9.0-preview2 |
References
www.openwall.com/lists/oss-security/2021/09/02/3
lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50@%3Cusers.zeppelin.apache.org%3E
lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E
Related
cve
cve
CVE-2021-27578
2021-09-02 17:15:08
osv
osv
Cross-site Scripting in Apache Zeppelin
2021-09-07 22:55:56
CVE-2021-27578
2021-09-02 17:15:08
cnvd
cnvd
Apache Zeppelin Cross-Site Scripting Vulnerability
2021-09-03 00:00:00
prion
prion
Cross site scripting
2021-09-02 17:15:00
cvelist
cvelist
CVE-2021-27578 Cross Site Scripting in markdown interpreter
2021-09-02 00:00:00
nvd
nvd
CVE-2021-27578
2021-09-02 17:15:08
github
github
Cross-site Scripting in Apache Zeppelin
2021-09-07 22:55:56
gentoo
gentoo
Zeppelin: Multiple Vulnerabilities
2023-11-24 00:00:00
nessus
nessus
GLSA-202311-04 : Zeppelin: Multiple Vulnerabilities
2023-11-24 00:00:00