CVE-2018-8035

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-8035
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8035.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-8035
Aliases
Related
Published
2019-05-01T21:29:00Z
Modified
2024-10-12T04:07:35.699723Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.

References

Affected packages

Git / github.com/apache/uima-ducc

Affected ranges

Type
GIT
Repo
https://github.com/apache/uima-ducc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

uima-ducc-2.*

uima-ducc-2.2.2