CVE-2018-8035

Published: May 1, 2019Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.

Affected (1)

Products: Apache: Uimaducc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Uimaducc	Up to 2.2.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/108195

Source: security@apache.org

https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053%40%3Cdev.uima.apache.org%3E

Source: security@apache.org

https://uima.apache.org/security_report

Source: security@apache.org

Vendor Advisory

http://www.securityfocus.com/bid/108195

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053%40%3Cdev.uima.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://uima.apache.org/security_report

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.