CVE-2022-46870

CVE-2022-46870: Apache Zeppelin: Stored XSS in note permissions

Vendor Apache Software Foundation

Product Apache Zeppelin

Weakness CWE-79 · XSS

Published December 16, 2022

Last update April 17, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.

Key dates

Disclosure timeline

December 16, 2022 CVE published

April 17, 2025 Record updated