Cross-Site Scripting (XSS)

2019-07-0811:48:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

77.6%

JSON

uima-ducc-web is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via multiple parameters due to the lack of output encoding.

CPENameOperatorVersion
uima-ducc-weble2.2.2
uima-ducc-weble2.2.2

CPE	Name	Operator	Version
	uima-ducc-web	le	2.2.2
	uima-ducc-web	le	2.2.2

References

www.securityfocus.com/bid/108195

lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053@%3Cdev.uima.apache.org%3E

uima.apache.org/security_report

0.005 Low

EPSS

Percentile

77.6%

JSON

Related for VERACODE:20703