Количество 2
Количество 2
CVE-2017-12630
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
GHSA-xp4g-5xj6-6vpr
Apache Drill vulnerable to Cross-site Scripting
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-12630 In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards. | CVSS3: 5.4 | 1% Низкий | больше 8 лет назад |
| GHSA-xp4g-5xj6-6vpr Apache Drill vulnerable to Cross-site Scripting | CVSS3: 5.4 | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу