Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-37023 Deserialization of Untrusted Data vulnerability in Apache Geode
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11.
network
low complexity
apache CWE-502
6.5
2022-08-24 CVE-2021-4040 Out-of-bounds Write vulnerability in multiple products
A flaw was found in AMQ Broker.
network
low complexity
redhat apache CWE-787
5.3
2022-08-23 CVE-2022-35278 Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
network
low complexity
apache netapp CWE-79
6.1
2022-08-04 CVE-2022-27166 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
2022-08-04 CVE-2022-28730 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
2022-08-04 CVE-2022-28731 Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
network
low complexity
apache CWE-352
6.5
2022-08-04 CVE-2022-28732 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
2022-07-07 CVE-2021-44791 Cross-site Scripting vulnerability in Apache Druid
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses.
network
low complexity
apache CWE-79
6.1
2022-07-07 CVE-2022-28889 Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Druid
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking.
network
low complexity
apache CWE-1021
4.3
2022-07-06 CVE-2021-37839 Improper Check for Dropped Privileges vulnerability in Apache Superset
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on.
network
low complexity
apache CWE-273
4.3