CVE-2015-8795

CWE-79 ā€” Cross-site Scripting (XSS)7 documents6 sources
Severity
6.1MEDIUM
EPSS
2.6%
top 14.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Solr
Timeline
PublishedFeb 15
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

ā–¶Mavenorg.apache.solr:solr-core< 5.1.0
ā–¶NVDapache/solr5.0

šŸ”“Vulnerability Details

3
OSV
Improper Neutralization of Input During Web Page Generation in Apache Solrā†—2022-05-17
ā–¶
GHSA
Improper Neutralization of Input During Web Page Generation in Apache Solrā†—2022-05-17
ā–¶
CVEList
CVE-2015-8795: Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5ā†—2016-02-15
ā–¶

šŸ“‹Vendor Advisories

1
Debian
CVE-2015-8795: lucene-solr - Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache So...ā†—2015
ā–¶

šŸ’¬Community

2
Bugzilla
CVE-2015-8795 solr: multiple XSS vulnerabilitiesā†—2016-02-15
ā–¶
Bugzilla
CVE-2015-8795 CVE-2015-8796 CVE-2015-8797 solr: multiple XSS vulnerabilities [fedora-all]ā†—2016-02-15
ā–¶
CVE-2015-8795 (MEDIUM CVSS 6.1) | Multiple cross-site scripting (XSS) | cvebase.io