Apache · Apache Uima Ducc · CVE-2018-8035
Name of the Vulnerable Software and Affected Versions:
Apache UIMA DUCC versions 2.2.2 and earlier
Description:
The issue arises from insufficient filtering of user-supplied inputs in the javascript code of Apache UIMA DUCC, potentially leading to the unintended execution of user-supplied javascript code in the user's browser.
Recommendations:
For Apache UIMA DUCC versions 2.2.2 and earlier, update to a version that properly filters user inputs to prevent unintended javascript code execution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.