Vulnerabilities > Apache > Uimaducc

DATE CVE VULNERABILITY TITLE RISK
2019-05-01 CVE-2018-8035 Cross-site Scripting vulnerability in Apache Uimaducc
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.
network
low complexity
apache CWE-79
6.1
2018-04-26 CVE-2017-15691 XXE vulnerability in Apache products
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers.
network
low complexity
apache CWE-611
6.5