CVE-2015-8796

CWE-79 — Cross-site Scripting (XSS)7 documents6 sources

Severity

6.1MEDIUM

EPSS

2.6%

top 14.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Solr

Timeline

PublishedFeb 15

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Mavenorg.apache.solr:solr< 5.3

▶NVDapache/solr5.2.1

🔴Vulnerability Details

OSV

Apache Solr Cross-site scripting Vulnerability↗2022-05-17

▶

GHSA

Apache Solr Cross-site scripting Vulnerability↗2022-05-17

▶

CVEList

CVE-2015-8796: Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser↗2016-02-15

▶

📋Vendor Advisories

Debian

CVE-2015-8796: lucene-solr - Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser...↗2015

▶

💬Community

Bugzilla

CVE-2015-8795 CVE-2015-8796 CVE-2015-8797 solr: multiple XSS vulnerabilities [fedora-all]↗2016-02-15

▶

Bugzilla

CVE-2015-8795 solr: multiple XSS vulnerabilities↗2016-02-15

▶