A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q http://www.openwall.com/lists/oss-security/2022/11/01/14
This issue has been addressed in the following products: RHINT Camel-Springboot 3.20.1 Via RHSA-2023:2100 https://access.redhat.com/errata/RHSA-2023:2100
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31777