CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2020-13928
https://notcve.org/view.php?id=CVE-2020-13928
16 Sep 2020 — Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability. Apache Atlas versiones anteriores a 2.1.0, contiene una vulnerabilidad de tipo XSS. Mientras se guardan los valores de los elementos de búsqueda o renderizado no se sanean correctamente y debido a eso se desencadena la vulnerabilidad de tipo XSS • https://lists.apache.org/thread.html/ra468036f913be41b0c8fea74f91d53e273b0bfa838a4b140a5dcd463%40%3Cuser.atlas.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3150
https://notcve.org/view.php?id=CVE-2017-3150
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating emplea cookies que podrían ser accesibles para un script del lado del cliente. • http://www.securityfocus.com/bid/100536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3151
https://notcve.org/view.php?id=CVE-2017-3151
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a Stored Cross-Site Scripting en la funcionalidad edit-tag. • http://www.securityfocus.com/bid/100547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3152
https://notcve.org/view.php?id=CVE-2017-3152
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a DOM XSS en la funcionalidad edit-tag. • http://www.securityfocus.com/bid/100577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3153
https://notcve.org/view.php?id=CVE-2017-3153
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a XSS reflejado en la funcionalidad search. • http://www.securityfocus.com/bid/100578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3154
https://notcve.org/view.php?id=CVE-2017-3154
29 Aug 2017 — Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. Las respuestas de error de Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating incluyen seguimiento de la pila, lo que expone información excesiva. • http://www.securityfocus.com/bid/100581 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3155
https://notcve.org/view.php?id=CVE-2017-3155
29 Aug 2017 — Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a cross frame scripting. • http://www.securityfocus.com/bid/100587 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2016-8752
https://notcve.org/view.php?id=CVE-2016-8752
29 Aug 2017 — Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. Apache Atlas en sus versiones 0.6.0 (incubating), 0.7.0 (incubating), y 0.7.1 (incubating) permite el acceso al contenido del directorio webapp señalando a URI como /js e /img. • https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E • CWE-284: Improper Access Control •