Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-31 | CVE-2022-37023 | Deserialization of Untrusted Data vulnerability in Apache Geode Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. | 6.5 |
2022-08-24 | CVE-2021-4040 | Out-of-bounds Write vulnerability in multiple products A flaw was found in AMQ Broker. | 5.3 |
2022-08-23 | CVE-2022-35278 | Cross-site Scripting vulnerability in multiple products In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | 6.1 |
2022-08-04 | CVE-2022-27166 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
2022-08-04 | CVE-2022-28730 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
2022-08-04 | CVE-2022-28731 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page. | 6.5 |
2022-08-04 | CVE-2022-28732 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
2022-07-07 | CVE-2021-44791 | Cross-site Scripting vulnerability in Apache Druid In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. | 6.1 |
2022-07-07 | CVE-2022-28889 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Druid In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. | 4.3 |
2022-07-06 | CVE-2021-37839 | Improper Check for Dropped Privileges vulnerability in Apache Superset Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. | 4.3 |