Skip to main content

Atlas

15 CVEs product

Monthly

CVE-2025-62198 MEDIUM This Month

Stored XSS in Apache Atlas's Create Entity page allows any authenticated user to inject persistent malicious JavaScript that executes in other users' browsers. All deployments running Apache Atlas 2.4.0 and earlier are affected. An attacker with a valid account can store a crafted payload that triggers against higher-privileged users - such as administrators - who later view the poisoned entity, enabling session hijacking or credential theft. No public exploit or CISA KEV listing has been identified at time of analysis.

Apache XSS Atlas
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-46910 Maven HIGH PATCH This Week

An authenticated user can perform XSS and potentially impersonate another user.3.0 and earlier. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Atlas
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-3756 MEDIUM This Month

A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3755 MEDIUM This Month

A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-34271 Maven HIGH PATCH This Week

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.8.4 to 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Atlas
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-17521 Maven MEDIUM PATCH This Month

Apache Groovy provides extension methods to aid with creating temporary directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Java Information Disclosure Groovy Snapcenter +19
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-13928 Maven MEDIUM PATCH This Month

Apache Atlas before 2.1.0 contain a XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Atlas
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2019-10070 Maven MEDIUM PATCH This Month

Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Atlas
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2017-3155 LIB MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2017-3154 LIB HIGH PATCH This Week

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Atlas
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-3153 LIB MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-3152 LIB MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-3151 LIB MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2017-3150 LIB MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-8752 LIB HIGH PATCH This Week

Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Atlas
NVD
CVSS 3.0
7.5
EPSS
1.0%
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Apache Atlas's Create Entity page allows any authenticated user to inject persistent malicious JavaScript that executes in other users' browsers. All deployments running Apache Atlas 2.4.0 and earlier are affected. An attacker with a valid account can store a crafted payload that triggers against higher-privileged users - such as administrators - who later view the poisoned entity, enabling session hijacking or credential theft. No public exploit or CISA KEV listing has been identified at time of analysis.

Apache XSS Atlas
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An authenticated user can perform XSS and potentially impersonate another user.3.0 and earlier. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Atlas
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.8.4 to 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Atlas
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Apache Groovy provides extension methods to aid with creating temporary directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Java Information Disclosure +21
NVD
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

Apache Atlas before 2.1.0 contain a XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Atlas
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Atlas
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Atlas
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Atlas
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Atlas
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy