CVE-2015-8797

CWE-79 — Cross-site Scripting (XSS)7 documents6 sources
Severity
6.1MEDIUM
EPSS
2.1%
top 16.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Solr
Timeline
PublishedFeb 15
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

â–¶Mavenorg.apache.solr:solr-core< 5.3.1
â–¶NVDapache/solr5.3

🔴Vulnerability Details

3
OSV
Improper Neutralization of Input During Web Page Generation in Apache Solr↗2022-05-17
â–¶
GHSA
Improper Neutralization of Input During Web Page Generation in Apache Solr↗2022-05-17
â–¶
CVEList
CVE-2015-8797: Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins↗2016-02-15
â–¶

📋Vendor Advisories

1
Debian
CVE-2015-8797: lucene-solr - Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in ...↗2015
â–¶

💬Community

2
Bugzilla
CVE-2015-8795 CVE-2015-8796 CVE-2015-8797 solr: multiple XSS vulnerabilities [fedora-all]↗2016-02-15
â–¶
Bugzilla
CVE-2015-8795 solr: multiple XSS vulnerabilities↗2016-02-15
â–¶
CVE-2015-8797 (MEDIUM CVSS 6.1) | Cross-site scripting (XSS) vulnerab | cvebase.io