CVE-2017-12630

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.7%
top 27.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache DrillApache Software Foundation Apache Drill
Timeline
PublishedDec 18
Latest updateMay 14

Description

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

NVDapache/drill1.11.0
CVEListV5apache_software_foundation/apache_drill1.11.0 and earlier

🔴Vulnerability Details

3
GHSA
Apache Drill vulnerable to Cross-site Scripting2022-05-14
OSV
Apache Drill vulnerable to Cross-site Scripting2022-05-14
CVEList
CVE-2017-12630: In Apache Drill 12017-12-18
CVE-2017-12630 (MEDIUM CVSS 5.4) | In Apache Drill 1.11.0 and earlier | cvebase.io