cvedb.io
CVE-2017-12630
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2017-12-18T14:29:00.243 · Last modified 2026-06-17T01:03:40.340

Summary

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

Affected products

apache — drill

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.