CVSS3: 6.1 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low (Percentile: 48.5%)

A security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code into the built-in rpcz page.
An attacker who can send HTTP requests to a bRPC server with rpcz enabled can inject arbitrary XSS code into the built-in rpcz page.
Solution (choose one of three):
CPE | Name | Operator | Version |
---|---|---|---|
apache:brpc | apache brpc | lt | 1.6.1 |
[
  {
    "defaultStatus": "unaffected",
    "product": "Apache bRPC",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.6.0",
        "status": "affected",
        "version": "0.9.0",
        "versionType": "semver"
      }
    ]
  }
]