CVE-2023-6710

🗓️ 12 Dec 2023 22:01:34Reported by redhatType

Flaw in Apache mod_proxy_cluster allows stored XSS via alias paramete

Reporter	Title	Published	Views	Family All 33
0day.today	Apache mod_proxy_cluster - Stored XSS Exploit	13 May 202400:00	–	zdt
GithubExploit	Exploit for Cross-site Scripting in Modcluster Mod_Proxy_Cluster	25 Dec 202309:50	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Modcluster Mod_Proxy_Cluster	25 Dec 202309:40	–	githubexploit
AlmaLinux	Moderate: mod_jk and mod_proxy_cluster security update	30 Apr 202400:00	–	almalinux
Circl	CVE-2023-6710	26 Dec 202308:54	–	circl
CNNVD	Apache httpd Cross-Site Scripting Vulnerability	12 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-6710 Mod_cluster/mod_proxy_cluster: stored cross site scripting	12 Dec 202322:01	–	cvelist
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.	2 Apr 202413:12	–	ibm
Exploit DB	Apache mod_proxy_cluster 1.2.6 - Stored XSS	13 May 202400:00	–	exploitdb
Oracle linux	mod_jk and mod_proxy_cluster security update	2 May 202400:00	–	oraclelinux

NVD

Node

modcluster mod_proxy_clusterMatch-

redhat enterprise_linuxMatch9.0

[
  {
    "vendor": "Red Hat",
    "product": "JBoss Core Services for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "jbcs-httpd24-mod_proxy_cluster",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.3.20-3.el8jbcs",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:jboss_core_services:1::el8",
      "cpe:/a:redhat:jboss_core_services:1::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "JBoss Core Services on RHEL 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "jbcs-httpd24-mod_proxy_cluster",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.3.20-3.el7jbcs",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:jboss_core_services:1::el8",
      "cpe:/a:redhat:jboss_core_services:1::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "mod_proxy_cluster",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.3.20-1.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Text-Only JBCS",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "jbcs-httpd24-mod_proxy_cluster",
    "cpes": [
      "cpe:/a:redhat:jboss_core_services:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Core Services",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "mod_proxy_cluster",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:jboss_core_services:1"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-6710
access	www.access.redhat.com/errata/RHSA-2024:1317
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2024:1316
access	www.access.redhat.com/errata/RHSA-2024:2387

20 Nov 2025 01:24Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.4

EPSS0.0107

CWE-79