An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers.
This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/gb1wdnrm1095xw6qznpsycfrht4lwbwc | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-12-16T12:55:37.597Z
Updated:
Reserved: 2022-12-09T14:04:31.289Z
Link: CVE-2022-46870
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-16T13:15:09.103
Modified: 2023-11-07T03:56:04.920
Link: CVE-2022-46870
JSON object: View
Redhat Information
No data.
CWE