Vulnerabilities > Apache > Zeppelin > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-16 | CVE-2021-28655 | Improper Input Validation vulnerability in Apache Zeppelin 0.5.0/0.9.0 The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. | 6.5 |
| 2022-12-16 | CVE-2022-46870 | Cross-site Scripting vulnerability in Apache Zeppelin An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. | 5.4 |
| 2021-09-02 | CVE-2021-27578 | Cross-site Scripting vulnerability in Apache Zeppelin 0.5.0/0.9.0 Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. | 6.1 |
| 2019-04-23 | CVE-2018-1328 | Cross-site Scripting vulnerability in Apache Zeppelin Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. | 6.1 |