JavaScript Injection Vulnerability in Apache UIMA DUCC Web Application
CVE-2018-8035

6.1MEDIUM

Key Information:

Vendor
Apache
Status
Apache Uima Ducc
Vendor
CVE Published:
1 May 2019

Summary

This vulnerability affects the Apache UIMA DUCC web application by allowing potential JavaScript injection through insufficient filtering of user-supplied input data. Running in the user's browser, the JavaScript component may unintentionally execute maliciously crafted code provided by the user, which could lead to various forms of exploitation.

Affected Version(s)

Apache UIMA DUCC Apache UIMA DUCC releases including and prior to 2.2.2

References

https://uima.apache.org/security_report
x_refsource_CONFIRM
http://www.securityfocus.com/bid/108195
vdb-entryx_refsource_BID
https://lists.apache.org/thread.html/2f49681259b375d53431...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.