CVE-2020-13928

MEDIUM6.1EPSS 1.9%

Cross-site scripting in Apache Atlas

Published: 2/10/2022Modified: 11/8/2023

Description

Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.

Affected packages (1)

Maven/org.apache.atlas:apache-atlasfrom 0, < 2.1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-13928
WEBhttps://lists.apache.org/thread.html/ra468036f913be41b0c8fea74f91d53e273b0bfa838a4b140a5dcd463%40%3Cuser.atlas.apache.org%3E
WEBhttps://mvnrepository.com/artifact/org.apache.atlas/apache-atlas