*CVE-2017-12630 Apache Drill XSS vulnerability*

*Severity:* Important

*Vendor:* The Apache Software Foundation

*Versions Affected:* Apache Drill 1.11.0 and earlier

*Description*
In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards.

*Mitigation:* Users of the affected versions should upgrade to Apache Drill 1.12.0 or later.

*Credit:* Sanjog Panda

Kind regards
Arina
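The flaw class described above (text stored from one page and later rendered as markup on another) is sketched below as an added example; it is not Apache Drill code and does not show how 1.12.0 fixes the issue. The template, function names and sample queries are hypothetical. It compares raw interpolation with output encoding and checks both with an HTML parser, using an ordinary query containing `<` and `>` to show that encoding keeps legitimate SQL readable.

```python
import html
from html.parser import HTMLParser

# Hypothetical fragment of a profile page that displays the stored query text.
PROFILE_TEMPLATE = "<h3>Query</h3><pre>{query}</pre>"

def render_profile_unsafe(query):
    # Behaviour the advisory describes: submitted text reaches the page as markup.
    return PROFILE_TEMPLATE.format(query=query)

def render_profile_escaped(query):
    # Encode at output: the stored query is displayed as text, never parsed as HTML.
    return PROFILE_TEMPLATE.format(query=html.escape(query, quote=True))

class PageInspector(HTMLParser):
    """Collects the elements and visible text an HTML parser finds in a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def inspect(page):
    """Return (element names, concatenated text) for a rendered page."""
    p = PageInspector()
    p.feed(page)
    p.close()
    return p.tags, "".join(p.text)

# Constructed sample queries: one ordinary, one carrying markup in a string literal.
PLAIN_QUERY = "SELECT * FROM t WHERE a < 5 AND b > 2"
MARKUP_QUERY = "SELECT '<script>alert(1)</script>' FROM t"

if __name__ == "__main__":
    for q in (PLAIN_QUERY, MARKUP_QUERY):
        for render in (render_profile_unsafe, render_profile_escaped):
            tags, text = inspect(render(q))
            print(f"{render.__name__:24} tags={tags} query shown intact={q in text}")
```

The same parser check works as a regression test for any page that displays user-submitted text: the set of elements in the rendered page should not change with the input.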
