VYPR

Maven package

org.apache.storm/storm-webapp

pkg:maven/org.apache.storm/storm-webapp

Vulnerabilities (1)

  • CVE-2026-35565MedApr 13, 2026
    affected < 2.8.6fixed 2.8.6

    Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTM