
CVE-2017-12630
https://notcve.org/view.php?id=CVE-2017-12630
18 Dec 2017 — In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards. • https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')