CVE-2017-3152
MEDIUMApache Atlas 0.6.0-incubating and 0.7.0-incubating - DOM-Based Cross-Site Scripting in Edit-Tag Functionality
Title source: llmDescription
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100577
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E
Scores
CVSS v3
6.1
EPSS
0.0144
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (5)
apache/atlas
0.6.0 (3 CPE variants)
apache/atlas
0.7.0 (3 CPE variants)
Apache Software Foundation/Apache Atlas
0.6.0-incubating
Apache Software Foundation/Apache Atlas
0.7.0-incubating
org.apache.atlas/atlas-common
0.6.0-incubating - 0.7.1-incubatingMaven
Published
Aug 29, 2017
Tracked Since
Feb 18, 2026