Vulnerabilities > Apache > Isis > 1.12.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2022-42466 | Cross-site Scripting vulnerability in Apache Isis Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. | 6.1 |
| 2022-10-19 | CVE-2022-42467 | Insecure Default Initialization of Resource vulnerability in Apache Isis When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. | 5.3 |