An authenticated user can perform XSS.
This issue affects Apache Atlas versions 2.4.0 and earlier.
Users are recommended to upgrade to version 2.5.0, which fixes the issue.
CVSS Score
5.4
EPSS Score
0.002
Published
2026-06-22
Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.026
Published
2020-09-16
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-08-29
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
CVSS Score
6.1
EPSS Score
0.02
Published
2017-08-29
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
CVSS Score
6.1
EPSS Score
0.019
Published
2017-08-29
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
CVSS Score
6.1
EPSS Score
0.02
Published
2017-08-29
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
CVSS Score
6.1
EPSS Score
0.02
Published
2017-08-29
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-08-29
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
CVSS Score
6.1
EPSS Score
0.018
Published
2017-08-29