Zeppelin
CVE-2022-46870
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.
AnalysisAI
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers.8.2. Users are recommended to upgrade to a supported version of Zeppelin. Affected products include: Apache Zeppelin. Version information: before 0.8.2..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Rated critical severity (CVSS 9.8), this vulne
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. Rated critical severity (CVS
CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that
Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.5), this vulnerability is remo
Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.5), this vulnerability is remo
Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.5), this vulnerability is remo
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.1), this vulnera
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scr
Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.10.1 before 0.11.0. Ra
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.10.1 before 0.11.
Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. Rated medium severity (CVSS 5.3), this vulnera
Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 5.3), this vulnerability is remo
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today