Description

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

Remediation

References

https://issues.apache.org/jira/browse/SOLR-7346

Related Vulnerabilities

CVE-2019-10327 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

CVE-2021-20250 Vulnerability in maven package org.jboss:jboss-ejb-client

CVE-2022-34158 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2021-33605 Vulnerability in maven package com.vaadin:vaadin-checkbox-flow

CVE-2022-45935 Vulnerability in maven package org.apache.james:apache-mailet-standard

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory