Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2019-10085 | Cross-site Scripting vulnerability in Apache Allura In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. | 6.1 |
| 2019-06-11 | CVE-2019-0197 | HTTP Request Smuggling vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. | 4.2 |
| 2019-06-11 | CVE-2019-0196 | Use After Free vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. | 5.3 |
| 2019-06-11 | CVE-2019-0220 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. | 5.3 |
| 2019-05-28 | CVE-2019-0221 | Cross-site Scripting vulnerability in Apache Tomcat The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. | 6.1 |
| 2019-05-23 | CVE-2019-0201 | Missing Authorization vulnerability in multiple products An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. | 5.9 |
| 2019-05-20 | CVE-2019-10078 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | 6.1 |
| 2019-05-20 | CVE-2019-10077 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | 6.1 |
| 2019-05-20 | CVE-2019-10076 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | 6.1 |
| 2019-05-09 | CVE-2019-0226 | Path Traversal vulnerability in Apache Karaf Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. | 4.9 |