{"id":"CVE-2018-8035","details":"This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (\u003c= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.","aliases":["GHSA-vm59-329q-p468"],"modified":"2026-03-14T09:31:12.957561Z","published":"2019-05-01T21:29:00.550Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/108195"},{"type":"WEB","url":"https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053%40%3Cdev.uima.apache.org%3E"},{"type":"ADVISORY","url":"https://uima.apache.org/security_report"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/uima-ducc","events":[{"introduced":"0"},{"last_affected":"e0ab5c1d7134ac5e8d96969fef021e09003dae61"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.2"}]}}],"versions":["uima-ducc-2.2.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8035.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}