CVE-2017-12630

CVE-2017-12630

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

Source: CVE-2017-12630

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다