logo

Database

Reflected cross-site scripting (XSS) In org.apache.solr:solr-core

Description

Improper Neutralization of Input During Web Page Generation in Apache Solr Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2015-87972. NVD-2015-87973. OSV-2015-87974. GCVE-2015-8797

References

1. https://issues.apache.org/jira/browse/SOLR-79492. http://www-01.ibm.com/support/docview.wss?uid=swg21975544

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.