CVE-2015-8795 – org.apache.solr:solr-core

Package

Manager: maven
Name: org.apache.solr:solr-core
Vulnerable Version: >=0 <5.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.02559 pctl0.84962

Details

Improper Neutralization of Input During Web Page Generation in Apache Solr Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

Metadata

Created: 2022-05-17T03:59:03Z
Modified: 2022-07-06T20:08:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mx2h-hf7j-2x3p/GHSA-mx2h-hf7j-2x3p.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-mx2h-hf7j-2x3p
Finding: F008
Auto approve: 1