CVE-2021-33192

MEDIUM6.1EPSS 3.4%

Cross-site scripting in Apache Jena Fuseki

Published: 8/13/2021Modified: 4/28/2026

Description

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).

Affected packages (2)

Debian/apache-jenafrom 0, < 4.5.0-1
Maven/org.apache.jena:jena-fuseki>= 2.0.0, < 4.1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-33192
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-33192
WEBhttps://lists.apache.org/thread.html/r684d8943d755a96fe90f8cd8df196737b6bde3f2b74e15a9bd479975%40%3Cusers.jena.apache.org%3E