CVE-2018-8035: XSS
First published: Wed May 01 2019(Updated: )
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache uimaDUCC | <=2.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/108195
- https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053@%3Cdev.uima.apache.org%3E
- https://uima.apache.org/security_report
- https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053%40%3Cdev.uima.apache.org%3E
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-8035.
What is the title of this vulnerability?
The title of this vulnerability is 'This vulnerability relates to the user's browser processing of DUCC webpage input data.'
What is the severity level of CVE-2018-8035?
The severity level of CVE-2018-8035 is medium with a CVSS score of 6.1.
What is the affected software of CVE-2018-8035?
The affected software of CVE-2018-8035 is Apache UIMA DUCC version 2.2.2 and earlier.
How can I fix CVE-2018-8035?
To fix CVE-2018-8035, it is recommended to update to a version of Apache UIMA DUCC that is later than 2.2.2.
- collector/nvd-index
- agent/references
- agent/event
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache uimaducc
- version/apache uimaducc/2.2.2