What is CVE-2017-12630?

CVE-2017-12630 is a medium-severity vulnerability in Apache Drill, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2017-12-18.

How severe is CVE-2017-12630?

Medium severity. CVSS v3 base score is 5.4 out of 10.

XSS in Apache Drill

CVE-2017-12630

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie informa…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (72.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

Apache Drill
Apache Software Foundation Drill — versions 1.11.0 and earlier

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security@apache.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2017-12630?: CVE-2017-12630 is a medium-severity vulnerability in Apache Drill, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2017-12-18.
How severe is CVE-2017-12630?: Medium severity. CVSS v3 base score is 5.4 out of 10.