Description
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.
Remediation
References
https://lists.apache.org/thread/gb1wdnrm1095xw6qznpsycfrht4lwbwc
Related Vulnerabilities
CVE-2020-11987 Vulnerability in maven package org.apache.xmlgraphics:batik-svgbrowser
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs
CVE-2022-28135 Vulnerability in maven package org.jvnet.hudson.plugins:instant-messaging
CVE-2022-22984 Vulnerability in npm package snyk
CVE-2023-30526 Vulnerability in maven package org.jenkins-ci.plugins:reportportal