Description
An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k
Scores
CVSS v3
5.4
EPSS
0.0032
EPSS Percentile
23.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-80
Status
published
Products (2)
apache/atlas
< 2.5.0
Apache Software Foundation/Apache Atlas
< 2.4.0
Published
Jun 22, 2026
Tracked Since
Jun 22, 2026