Reflected XSS Vulnerability in Apache Druid 0.22.1 and Earlier

CVE-2021-44791 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.