Lucene search
Veracode Vulnerability DatabaseVERACODE:46391HistoryApr 12, 2024 - 5:18 p.m.
Cross-site Scripting (XSS)
2024-04-1217:18:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site scripting
apache zeppelin
vulnerability
improper encoding
escaping
helium module
malicious scripts
software
Apache Zeppelin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding or escaping of output in the helium module. An attacker can modify helium.json and perform attacks on normal users by injecting malicious scripts.
Related
cvelist
cvelist
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
cnvd
cnvd
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
2024-04-11 00:00:00
vulnrichment
vulnrichment
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
2024-04-09 16:10:30
cve
cve
CVE-2024-31868
2024-04-09 16:15:08
nvd
nvd
CVE-2024-31868
2024-04-09 16:15:08
osv
osv
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22
github
github
Apache Zeppelin vulnerable to cross-site scripting in the helium module
2024-04-09 18:30:22