CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

IBM Security Bulletins•added 2026/03/05 2:23 p.m.•2 views

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...

6.1CVSS5.8AI score0.01666EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/02/03 9:4 a.m.•4 views

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

6.1CVSS5.2AI score0.01666EPSS

Exploits0Affected Software1

EUVD•added 2025/10/29 10:51 p.m.•1 views

EUVD-2025-36791

Malicious code in @apache-felix/felix-antora-ui npm...

6.6AI score

Exploits0References1

OSSF Malicious Packages•added 2025/10/29 10:51 p.m.•3 views

Malicious code in @apache-felix/felix-antora-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b51d8cb92483d748cafc2b53ff5dfcef6b4c8e4dbe7b73c671a3a5cb338a9aaf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score

Exploits0References2

OSV•added 2025/10/29 10:51 p.m.•1 views

MAL-2025-48959 Malicious code in @apache-felix/felix-antora-ui (npm)

6.8AI score

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2025-7206

Malicious code in bioql PyPI...

5.6CVSS6.3AI score0.00186EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-4096

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.01666EPSS

Exploits0References4

Positive Technologies•added 2025/10/03 12:0 a.m.•2 views

PT-2025-40823

CVE-2025-61585 - Apache Felix Unvalidated User Input CVE ID : CVE-2025-61585 Published : Oct. 3, 2025, 9:15 p.m. | 2 hours, 13 minutes ago Description : Rejected reason: Further research determined the issue is not an independent vulnerability as it originates from Apache Felix. Severity: 0.0 | N...

6.4AI score

Exploits0References1

Veracode•added 2025/03/18 2:47 a.m.•4 views

Cross-Site Scripting (XSS)

org.apache.felix, org.apache.felix.http.webconsoleplugin is vulnerable to cross-site scripting XSS. The vulnerability is due to improper neutralization of user input during web page generation, allowing an attacker to inject and execute malicious scripts in a victim’s browser through improperly...

5.6CVSS6.2AI score0.00186EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2025/03/15 7:38 a.m.•19 views

CVE-2025-27867

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...

5.6CVSS6.8AI score0.00186EPSS

Exploits0References1

OSV•added 2025/03/12 6:32 p.m.•3 views

GHSA-2CV6-4F2R-JQ2C Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin

6.3CVSS6.8AI score0.00186EPSS

Exploits0References4

Github Security Blog•added 2025/03/12 6:32 p.m.•11 views

Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin

5.6CVSS7.1AI score0.00186EPSS

Exploits0References4Affected Software1

NVD•added 2025/03/12 4:15 p.m.•8 views

CVE-2025-27867

5.6CVSS0.00186EPSS

Exploits0References2

OSV•added 2025/03/12 4:15 p.m.•2 views

CVE-2025-27867

5.6CVSS6.2AI score

Exploits0References2

Vulnrichment•added 2025/03/12 3:51 p.m.•7 views

CVE-2025-27867 Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin

7.1AI score0.00186EPSS

Exploits0References1

CVE•added 2025/03/12 3:51 p.m.•50 views

CVE-2025-27867

The CVE-2025-27867 entry concerns an XSS flaw in the Apache Felix HTTP Webconsole Plugin. Affected versions are 1.X through 1.2.0; the root cause is improper neutralization of input during web page generation. Impact is consistent with a Cross-Site Scripting risk affecting users of the Webconsole...

5.6CVSS6.5AI score0.00186EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/03/12 3:51 p.m.•13 views

CVE-2025-27867 Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin

0.00186EPSS

Exploits0References1

Positive Technologies•added 2025/03/12 12:0 a.m.•3 views

PT-2025-11107 · Apache · Apache Felix Http Webconsole Plugin

Name of the Vulnerable Software and Affected Versions: Apache Felix HTTP Webconsole Plugin versions 1.X through 1.2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Users are advised to upgrade to a newer versi...

5.6CVSS6.2AI score0.00186EPSS

Exploits0References15

CNNVD•added 2025/03/12 12:0 a.m.•1 views

Apache Felix HTTP Webconsole Plugin 安全漏洞

Apache Felix HTTP Webconsole Plugin is a plugin from Apache Corporation USA. A security vulnerability exists in Apache Felix HTTP Webconsole Plugin versions 1.X through 1.2.0 that originates from improper input neutralization during web page generation and could lead to a cross-site scripting...

5.6CVSS5.8AI score0.00186EPSS

Exploits0References2

RedhatCVE•added 2025/02/14 12:44 p.m.•8 views

CVE-2023-38435

An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting XSS attack. Upgrade to Apache Felix Healthcheck...

6.1CVSS5.7AI score0.01368EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by