CVE-2025-49191 – Apache Atlas Cross-Site Scripting (XSS)

CVE ID : CVE-2025-49191

Published : June 12, 2025, 2:15 p.m. | 44 minutes ago

Description : Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…