Description
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting: one authenticated user can cause scripts to run in the browser of another user who is authorized to access the first user's resources. The cause is improper escaping of server-side content. A proof-of-concept exploit for this vulnerability is known to exist.
Remediation
References
http://www.securityfocus.com/bid/96228
https://brooklyn.apache.org/community/security/CVE-2017-3165.html
https://lists.apache.org/thread.html/5aa6b7583edbfc1f5653607003204326d9e27ef65e8af356c798b21c%40%3Cdev.brooklyn.apache.org%3E
Related Vulnerabilities
CVE-2017-14063 Vulnerability in maven package org.asynchttpclient:async-http-client
CVE-2014-0072 Vulnerability in npm package cordova-plugin-file-transfer
CVE-2021-23448 Vulnerability in npm package config-handler
CVE-2021-23386 Vulnerability in npm package dns-packet
CVE-2023-48910 Vulnerability in maven package io.github.microcks:microcks