This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.
References
Configurations
History
21 Nov 2024, 04:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/108195 - | |
References | () https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053%40%3Cdev.uima.apache.org%3E - | |
References | () https://uima.apache.org/security_report - Vendor Advisory |
07 Nov 2023, 03:01
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-05-01 21:29
Updated : 2024-11-21 04:13
NVD link : CVE-2018-8035
Mitre link : CVE-2018-8035
CVE.ORG link : CVE-2018-8035
JSON object : View
Products Affected
apache
- uimaducc
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')