
List:       oss-security
Subject:    [oss-security] CVE-2023-38435: Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webcon
From:       Carsten Ziegeler <cziegeler () apache ! org>
Date:       2023-07-25 15:02:59
Message-ID: 590db97f-212d-6dbe-c02f-c9064330f9fb () apache ! org

Severity: moderate

Affected versions:

- Apache Felix Healthcheck Webconsole Plugin through 2.0.2

Description:

An improper neutralization of input during web page generation ('Cross-site Scripting')
[CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior
may allow an attacker to perform a reflected cross-site scripting (XSS) attack.

Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.

Credit:

This vulnerability was found by xray web vulnerability scanner (github.com/chaitin/xray) (finder)

References:

https://felix.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-38435
