Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-20 CVE-2019-10076 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
network
low complexity
apache CWE-79
6.1
2019-05-09 CVE-2019-0226 Path Traversal vulnerability in Apache Karaf
Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file.
network
low complexity
apache CWE-22
4.9
2019-05-01 CVE-2018-8035 Cross-site Scripting vulnerability in Apache Uimaducc
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.
network
low complexity
apache CWE-79
6.1
2019-04-30 CVE-2019-0214 Unspecified vulnerability in Apache Archiva
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism.
network
low complexity
apache
6.5
2019-04-30 CVE-2019-0213 Cross-site Scripting vulnerability in Apache Archiva
In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e.
network
low complexity
apache CWE-79
6.5
2019-04-26 CVE-2019-0186 Cross-site Scripting vulnerability in Apache Pluto 3.0.0/3.0.1
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks.
network
low complexity
apache CWE-79
6.1
2019-04-23 CVE-2019-2684 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
high complexity
oracle redhat opensuse debian apache canonical hp
5.9
2019-04-23 CVE-2018-1328 Cross-site Scripting vulnerability in Apache Zeppelin
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions.
network
low complexity
apache CWE-79
6.1
2019-04-22 CVE-2019-0218 Cross-site Scripting vulnerability in Apache Pony Mail
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
network
low complexity
apache CWE-79
6.1
2019-04-22 CVE-2019-10241 Cross-site Scripting vulnerability in multiple products
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
network
low complexity
eclipse debian apache oracle CWE-79
6.1