QwikSec

Security Database

CVE

CWE

Training

CVE-2022-46870

Published: Dec 16, 2022

Modified: Apr 17, 2025

PUBLISHED

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.

Vendor	Product	Versions
Apache Software Foundation	Apache Zeppelin	affected `0 - < 0.8.2`

Weaknesses (CWE)

References

https://lists.apache.org/thread/gb1wdnrm1095xw6qznpsycfrht4lwbwc

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2022-46870 - Security Vulnerability | QwikSec