Описание
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | solr 4.x only |
| devel | not-affected | solr 4.x only |
| esm-apps/xenial | not-affected | solr 4.x only |
| esm-infra-legacy/trusty | not-affected | solr 4.x only |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | solr 4.x only |
| trusty/esm | not-affected | solr 4.x only |
| upstream | released | 5.1 |
| vivid/stable-phone-overlay | DNE |
Показывать по
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in ...
Improper Neutralization of Input During Web Page Generation in Apache Solr
4.3 Medium
CVSS2
6.1 Medium
CVSS3