Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-13 | CVE-2017-3165 | Cross-site Scripting vulnerability in Apache Brooklyn In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. | 5.4 |
| 2017-08-30 | CVE-2016-5001 | Information Exposure vulnerability in Apache Hadoop This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. | 5.5 |
| 2017-08-30 | CVE-2016-6800 | Cross-site Scripting vulnerability in Apache Ofbiz The default configuration of the Apache OFBiz framework offers a blog functionality. | 6.1 |
| 2017-08-29 | CVE-2017-3155 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | 6.1 |
| 2017-08-29 | CVE-2017-3153 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | 6.1 |
| 2017-08-29 | CVE-2017-3152 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | 6.1 |
| 2017-08-29 | CVE-2017-3151 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | 6.1 |
| 2017-08-29 | CVE-2017-3150 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | 6.1 |
| 2017-08-14 | CVE-2017-9802 | Cross-site Scripting vulnerability in Apache Sling Servlets Post 2.3.20 The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | 6.1 |
| 2017-08-11 | CVE-2017-7674 | Insufficient Verification of Data Authenticity vulnerability in Apache Tomcat The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. | 4.3 |