CVE-2022-46870
published 2022-12-16CVE-2022-46870: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers.
This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | zeppelin | < 0.8.2 | 0.8.2 |
| apache_software_foundation | apache_zeppelin | < 0.8.2 | 0.8.2 |