Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:7046
HistoryJul 13, 2018 - 1:34 a.m.

Cross-Site Scripting (XSS)

2018-07-1301:34:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

EPSS

0.001

Percentile

16.0%

JSON

spark-core is vulnerable to cross-site scripting (XSS). An attacker is able to inject arbitrary script into a user’s browser by constructing a URL that points to a Spark cluster’s job and stage information pages. When exploited, an attacker is able to steal the user’s credentials or information from the user’s view of the Spark UI.

Related

cvelist 1
cve 1
prion 1
github 1
osv 2
nvd 1
ibm 1
cvelist
cvelist
CVE-2018-8024
2018-07-11 00:00:00
cve
cve
CVE-2018-8024
2018-07-12 13:29:00
prion
prion
Code injection
2018-07-12 13:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
2019-03-14 15:40:57
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
2019-03-14 15:40:57
CVE-2018-8024
2018-07-12 13:29:00
nvd
nvd
CVE-2018-8024
2018-07-12 13:29:00
ibm
ibm
Security Bulletin: Vulnerabilities in Apache Spark affect IBM Operations Analytics Predictive Insights (CVE-2018-8024, CVE-2018-1334)
2018-11-07 05:10:01

EPSS

0.001

Percentile

16.0%

JSON
Related for VERACODE:7046
cvelist1cve1prion1github1osv2nvd1ibm1