Cross-site Scripting in Apache UIMA

2019-05-1404:00:37

Google

osv.dev

0.005 Low

EPSS

Percentile

77.6%

JSON

This vulnerability relates to the user’s browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user’s browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.

CPENameOperatorVersion
org.apache.uima:uima-ducc-webeq2.2.0
org.apache.uima:uima-ducc-webeq2.1.0
org.apache.uima:uima-ducc-webeq2.2.1
org.apache.uima:uima-ducc-webeq2.2.2
org.apache.uima:uima-ducc-webeq1.0.0
org.apache.uima:uima-ducc-webeq2.0.0
org.apache.uima:uima-ducc-webeq2.0.1
org.apache.uima:uima-ducc-webeq1.1.0

Name	Operator	Version
org.apache.uima:uima-ducc-web	eq	2.2.0
org.apache.uima:uima-ducc-web	eq	2.1.0
org.apache.uima:uima-ducc-web	eq	2.2.1
org.apache.uima:uima-ducc-web	eq	2.2.2
org.apache.uima:uima-ducc-web	eq	1.0.0
org.apache.uima:uima-ducc-web	eq	2.0.0
org.apache.uima:uima-ducc-web	eq	2.0.1
org.apache.uima:uima-ducc-web	eq	1.1.0