[Bug 1308619] New: CVE-2015-8795 solr: multiple XSS vulnerabilities
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1308619
Bug ID: 1308619
Summary: CVE-2015-8795 solr: multiple XSS vulnerabilities
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
CVE 2015-8795:
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in
Apache Solr before 5.1 allow remote attackers to inject arbitrary web
script or HTML via crafted fields that are mishandled during the
rendering of the (1) Analysis page, related to
webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related
to webapp/web/js/scripts/schema-browser.js.
https://issues.apache.org/jira/browse/SOLR-7346
CVE 2015-8796:
Cross-site scripting (XSS) vulnerability in
webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr
before 5.3 allows remote attackers to inject arbitrary web script or
HTML via a crafted schema-browse URL.
https://issues.apache.org/jira/browse/SOLR-7920
CVE 2015-8797:
Cross-site scripting (XSS) vulnerability in
webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in
Apache Solr before 5.3.1 allows remote attackers to inject arbitrary
web script or HTML via the entry parameter to a plugins/cache URI.
https://issues.apache.org/jira/browse/SOLR-7949
--
You are receiving this mail because:
You are on the CC list for the bug.
7 years, 11 months