Cross-site Scripting in Apache UIMA
Moderate severity
GitHub Reviewed
Published
May 14, 2019
to the GitHub Advisory Database
•
Updated May 22, 2023
Description
Published by the National Vulnerability Database
May 1, 2019
Reviewed
May 3, 2019
Published to the GitHub Advisory Database
May 14, 2019
Last updated
May 22, 2023
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.
References