Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-0186 Cross-site Scripting vulnerability in Apache Pluto 3.0.0/3.0.1
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks.
network
low complexity
apache CWE-79
6.1
6.1
2019-04-23 CVE-2019-2684 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
high complexity
oracle redhat opensuse debian apache canonical hp
5.9
5.9
2019-04-23 CVE-2018-1328 Cross-site Scripting vulnerability in Apache Zeppelin
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions.
network
low complexity
apache CWE-79
6.1
6.1
2019-04-22 CVE-2019-0218 Cross-site Scripting vulnerability in Apache Pony Mail
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
network
low complexity
apache CWE-79
6.1
6.1
2019-04-22 CVE-2019-10241 Cross-site Scripting vulnerability in multiple products
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
network
low complexity
eclipse debian apache oracle CWE-79
6.1
6.1
2019-04-10 CVE-2019-0216 Cross-site Scripting vulnerability in Apache Airflow
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
4.8
4.8
2019-03-28 CVE-2019-0224 Cross-site Scripting vulnerability in Apache Jspwiki
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session.
network
low complexity
apache CWE-79
6.1
6.1
2019-03-21 CVE-2019-0191 Path Traversal vulnerability in Apache Karaf
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file.
network
low complexity
apache CWE-22
6.5
6.5
2019-02-27 CVE-2018-20244 Cross-site Scripting vulnerability in Apache Airflow
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
5.5
5.5
2019-02-11 CVE-2018-20242 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
network
low complexity
apache CWE-79
6.1
6.1