CVE-2021-44791

CVE-2021-44791: Reflected XSS on certain HTTP endpoints

Vendor Apache Software Foundation

Product Apache Druid

Weakness CWE-79 · XSS

Published July 7, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.

Key dates

02Disclosure timeline

July 7, 2022 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-44791 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-10721 Store XSS in phpipam/phpipam CVE-2026-45481 Microsoft SharePoint Server Spoofing Vulnerability CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute CVE-2025-9715 O2OA Personal Profile script cross site scripting CVE-2025-53931 WeGIA vulnerable to Stored Cross-Site Scripting via endpoint `adicionar_raca.php` parameter `raca`