cvedb.io
CVE-2018-8035
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2019-05-01T21:29:00.550 · Last modified 2026-06-17T02:04:08.647

Summary

This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.

Affected products

apache — uimaducc

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.