{"schema_version": "1.6.1", "id": "CVE-2022-46870", "summary": "Stored XSS in note permissions", "details": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers.\nThis issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.\n\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "0.8.2"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/gb1wdnrm1095xw6qznpsycfrht4lwbwc"}]}