CVE-2017-12630

Published: Dec 18, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards.

Vendor: Apache Software Foundation

Product: Apache Drill

Versions: 1.11.0 and earlier (affected)
