CVE-2021-27578

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.7%

top 28.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Zeppelin Apache Zeppelin

Timeline

PublishedSep 2

Latest updateSep 7

Description

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDapache/zeppelin< 0.9.0

▶Mavenorg.apache.zeppelin:zeppelin< 0.9.0

▶CVEListV5apache_software_foundation/apache_zeppelinApache Zeppelin — 0.9.0

🔴Vulnerability Details

GHSA

Cross-site Scripting in Apache Zeppelin↗2021-09-07

▶

OSV

Cross-site Scripting in Apache Zeppelin↗2021-09-07

▶

CVEList

Cross Site Scripting in markdown interpreter↗2021-09-02

▶