An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers.
This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-12-16T12:55:37.597Z
Updated: 2024-08-03T14:39:39.095Z
Reserved: 2022-12-09T14:04:31.289Z
Link: CVE-2022-46870
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-16T13:15:09.103
Modified: 2024-11-21T07:31:12.807
Link: CVE-2022-46870
Redhat
No data.