CVE-2017-12630

medium

Apache

CVSS v3 Base Score

5.4

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.7%

Exploitation probability in 30 days

Top 27% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

None

Published: December 18, 2017 (3069 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

CWE

CWE-79

Affected Products

apache drill

References

🔗 lists.apache.org 🔗 lists.apache.org

CVE-2017-12630

Vulnerability Report

Description

CWE

Affected Products

References