Vulnerabilities > Apache > Isis > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-19 CVE-2022-42466 Cross-site Scripting vulnerability in Apache Isis
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved.
network
low complexity
apache CWE-79
6.1
2022-10-19 CVE-2022-42467 Insecure Default Initialization of Resource vulnerability in Apache Isis
When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database.
network
low complexity
apache CWE-1188
5.3