Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2015-5169 Cross-site Scripting vulnerability in Apache Struts
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
network
low complexity
apache CWE-79
6.1
2017-09-20 CVE-2016-8738 Improper Input Validation vulnerability in Apache Struts
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
network
high complexity
apache CWE-20
5.9
2017-09-13 CVE-2017-3165 Cross-site Scripting vulnerability in Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources.
network
low complexity
apache CWE-79
5.4
2017-08-30 CVE-2016-5001 Information Exposure vulnerability in Apache Hadoop
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS.
local
low complexity
apache CWE-200
5.5
2017-08-30 CVE-2016-6800 Cross-site Scripting vulnerability in Apache Ofbiz
The default configuration of the Apache OFBiz framework offers a blog functionality.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3155 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3153 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3152 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3151 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3150 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
network
low complexity
apache CWE-79
6.1