CVE-2021-26544

CVE-2021-26544: Apache Livy (Incubating) is vulnerable to cross site scripting

Vendor Apache Software Foundation

Product Apache Livy (Incubating)

Weakness CWE-79 · XSS

Published February 20, 2021

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.

Key dates

02Disclosure timeline

February 20, 2021 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-26544

Related vulnerabilities

04Related CVE

CVE-2022-2799 Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting CVE-2025-6125 PHPGurukul Rail Pass Management System aboutus.php cross site scripting CVE-2025-46447 WordPress Fable Extra plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability CVE-2024-29918 WordPress Survey Maker plugin <= 4.0.6 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-58344 Carbon Forum 5.9.0 Persistent XSS via Forum Name Field