CVE-2014-3628 — Cross-site Scripting in Apache Solr

CWE-79 — Cross-site Scripting8 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
1.4%
top 19.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Solr
Timeline
PublishedJan 6
Latest updateOct 21

Description

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDapache/solr21 versions+20

🔴Vulnerability Details

4
Kernel
wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()↗2022-10-21
â–¶
GHSA
Improper Neutralization of Input During Web Page Generation in Apache Solr↗2022-05-17
â–¶
OSV
Improper Neutralization of Input During Web Page Generation in Apache Solr↗2022-05-17
â–¶
CVEList
CVE-2014-3628: Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4↗2015-01-06
â–¶

📋Vendor Advisories

2
Red Hat
solr: Cross-site scripting (XSS) vulnerability via the fieldvaluecache object↗2014-12-29
â–¶
Debian
CVE-2014-3628: lucene-solr - Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in ...↗2014
â–¶

💬Community

1
Bugzilla
CVE-2014-3628 solr: Cross-site scripting (XSS) vulnerability via the fieldvaluecache object↗2015-01-07
â–¶
CVE-2014-3628 — Cross-site Scripting in Apache Solr | cvebase