Description
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
Remediation
References
https://lists.apache.org/thread/lh2kcl4j45q7xj4w6rqf6kwf0mvyp2o6
Related Vulnerabilities
CVE-2020-11023 Vulnerability in maven package org.webjars.bower:jquery
CVE-2020-2268 Vulnerability in maven package org.jenkins-ci.plugins:mongodb
CVE-2023-49798 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors
CVE-2018-1000613 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on