Description
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
Remediation
References
https://issues.apache.org/jira/browse/SOLR-7346
Related Vulnerabilities
CVE-2023-37899 Vulnerability in npm package @feathersjs/transport-commons
CVE-2020-6537 Vulnerability in npm package electron
CVE-2021-21696 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-46242 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-28935 Vulnerability in maven package org.apache.uima:uima-ducc-parent