List: oss-security
Subject: [oss-security] CVE-2023-38435: Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webcon
From: Carsten Ziegeler <cziegeler () apache ! org>
Date: 2023-07-25 15:02:59
Message-ID: 590db97f-212d-6dbe-c02f-c9064330f9fb () apache ! org
Severity: moderate
Affected versions:
- Apache Felix Healthcheck Webconsole Plugin through 2.0.2
Description:
An improper neutralization of input during web page generation ('Cross-site Scripting')
[CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior
may allow an attacker to perform a reflected cross-site scripting (XSS) attack.
Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.
Credit:
This vulnerability was found by xray web vulnerability scanner (github.com/chaitin/xray) (finder)
References:
https://felix.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-38435