Lucene search

GitHub Advisory DatabaseGHSA-4PVW-G9FX-594R

HistoryJul 25, 2023 - 6:30 p.m.

Cross-site Scripting in healthcheck webconsole plugin

2023-07-2518:30:32

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

apache felix healthcheck

cwe-79

upgrade

webconsole plugin

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

77.9%

JSON

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack.

Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.

Affected configurations

Vulners

Node

org.apache.felix\Matchorg.apache.felix.healthcheck.webconsoleplugin

CPENameOperatorVersion
org.apache.felix:org.apache.felix.healthcheck.webconsolepluginlt2.1.0

CPE	Name	Operator	Version
	org.apache.felix:org.apache.felix.healthcheck.webconsoleplugin	lt	2.1.0

References

seclists.org/fulldisclosure/2023/Jul/43

www.openwall.com/lists/oss-security/2023/07/25/10

github.com/advisories/GHSA-4pvw-g9fx-594r

github.com/apache/felix-dev/commit/c4e67520e0a4499389342491869919a6c42ed62c

lists.apache.org/thread/r3blhp3onr4rdbkgdyglqnccg0v79pfv

nvd.nist.gov/vuln/detail/CVE-2023-38435

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for GHSA-4PVW-G9FX-594R