CVE-2020-13954 — Cross-site Scripting in Software Foundation Apache CXF

CWE-79 — Cross-site Scripting8 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

8.4%

top 7.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache CXF Apache CXF Netapp Vasa Provider FOR Clustered Data Ontap +3 more

Timeline

PublishedNov 12

Latest updateApr 15

Description

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶NVDapache/cxf3.4.0 — 3.4.1+1

▶CVEListV5apache_software_foundation/apache_cxfunspecified — 3.4.1+1

▶NVDnetapp/vasa_provider

▶NVDoracle/business_intelligence4 versions+3

▶NVDoracle/communications_messaging_server8.0.2, 8.1+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Cross-site scripting in Apache CXF↗2021-04-22

▶

GHSA

Cross-site scripting in Apache CXF↗2021-04-22

▶

CVEList

Apache CXF Reflected XSS in the services listing page via the styleSheetPath↗2020-11-12

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Samples (Apache CXF) — CVE-2020-13954↗2023-04-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Message Store (Apache CXF) — CVE-2020-13954↗2021-04-15

▶

Oracle

Oracle Oracle Retail Applications Risk Matrix: Supplier Direct Fulfillment (Apache CXF) — CVE-2020-13954↗2021-01-15

▶

Red Hat

cxf: XSS via the styleSheetPath↗2020-11-12

▶