GHSA-v6x2-4q87-rf82

Опубликовано: 27 нояб. 2025

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Apache SkyWalking has a stored XSS vulnerability

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.

This issue affects Apache SkyWalking versions <= 10.2.0.

Users are recommended to upgrade to version 10.3.0, which fixes the issue. Version 10.3.0 has not been uploaded to the Maven registry at time of publish, please see release notes for download instructions.

Ссылки

Пакеты

Наименование

org.apache.skywalking:apm-webapp

maven

Затронутые версииВерсия исправления

<= 10.1.0

Отсутствует

EPSS

Процентиль: 56%

0.00333

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2025-54057

Дефекты

CWE-80

Связанные уязвимости

CVE-2025-54057

CVSS3: 6.1

nvd

2 месяца назад

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.

EPSS

Процентиль: 56%

0.00333

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2025-54057

Дефекты

CWE-80