Reflected XSS Vulnerability in Apache Druid 0.22.1 and Earlier
CVE-2021-44791 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
Learn more about our Cis Benchmark Audit For Apache Http Server.