
135 matches found

Vulnrichment
added 2025/02/10 11:16 a.m. · 8 views

CVE-2025-25247 Apache Felix Webconsole: XSS in services console

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issu...

6.5 AI score · 0.01666 EPSS
Exploits 0 · References 1

CVE
added 2025/02/10 11:16 a.m. · 76 views

CVE-2025-25247

Apache Felix Webconsole CVE-2025-25247 is a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. It affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. The CVSS v3.1 base score is 6.1 (Network attack vector, no privile...

6.1 CVSS · 6.3 AI score · 0.01666 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/02/10 11:16 a.m. · 17 views

CVE-2025-25247 Apache Felix Webconsole: XSS in services console

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issu...

0.01666 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/10 12:0 a.m. · 2 views

PT-2025-6037 · Apache · Apache Felix Webconsole

Name of the Vulnerable Software and Affected Versions: Apache Felix Webconsole versions 4.x up to 4.9.8; Apache Felix Webconsole versions 5.x up to 5.0.8. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allow...

6.4 CVSS · 6.2 AI score · 0.01666 EPSS
Exploits 0 · References 17

CNNVD
added 2025/02/10 12:0 a.m. · 1 views

Apache Felix Webconsole cross-site scripting vulnerability

Apache Felix Webconsole is a simple tool from the Apache USA Foundation to inspect and manage OSGi framework instances using a web browser. A cross-site scripting vulnerability exists in Apache Felix Webconsole versions 4.x through 4.9.8 and 5.x through 5.0.8, which stems from incorrect...

6.1 CVSS · 5.9 AI score · 0.01666 EPSS
Exploits 0 · References 4

OSV
added 2024/06/25 1:48 p.m. · 5 views

MAL-2024-6617 Malicious code in apache-felix_webconsole_client (RubyGems)


7.1 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/06/25 1:48 p.m. · 4 views

Malicious code in apache-felix_webconsole_client (RubyGems)


7 AI score
Exploits 0 · References 1

Packet Storm
added 2024/03/04 12:0 a.m. · 307 views

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation

Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r. Vendor: Tp-Link (http://tp-link.com). Product: JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201. Vulnerability Type: Improper Access Control. Affected Product Code Base: JetStream Smart Switch - TL-SG2210P...

7.4 AI score · 0.00502 EPSS
Exploits 2

OSV
added 2023/07/25 6:30 p.m. · 20 views

GHSA-4PVW-G9FX-594R Cross-site Scripting in healthcheck webconsole plugin

An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck...

6.1 CVSS · 5.9 AI score · 0.01368 EPSS
Exploits 0 · References 6

Github Security Blog
added 2023/07/25 6:30 p.m. · 21 views

Cross-site Scripting in healthcheck webconsole plugin

An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck...

6.1 CVSS · 6 AI score · 0.01368 EPSS
Exploits 0 · References 6 · Affected Software 1

NVD
added 2023/07/25 4:15 p.m. · 13 views

CVE-2023-38435

An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck...

6.1 CVSS · 6 AI score · 0.01368 EPSS
Exploits 0 · References 3

OSV
added 2023/07/25 4:15 p.m. · 3 views

CVE-2023-38435

An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck...

6.1 CVSS · 5.7 AI score · 0.01368 EPSS
Exploits 0 · References 3

Cvelist
added 2023/07/25 3:40 p.m. · 17 views

CVE-2023-38435 Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin

An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck...

6.2 AI score · 0.01368 EPSS
Exploits 0 · References 3

CVE
added 2023/07/25 3:40 p.m. · 58 views

CVE-2023-38435

CVE-2023-38435 concerns the Apache Felix Healthcheck Webconsole Plugin (v2.0.2 and earlier). The vulnerability arises from an improper neutralization of input during web page generation, i.e., a reflected Cross-Site Scripting (XSS) flaw (CWE-79). This could allow an attacker to inject and execute...

6.1 CVSS · 6 AI score · 0.01368 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/07/25 12:0 a.m. · 2 views

PT-2023-26420 · Apache · Apache Felix Healthcheck Webconsole Plugin

Name of the Vulnerable Software and Affected Versions: Apache Felix Healthcheck Webconsole Plugin versions 2.0.2 and prior. Description: An improper neutralization of input during web page generation, also known as Cross-site Scripting, may allow an attacker to perform a reflected cross-site...

6.1 CVSS · 5.9 AI score · 0.01368 EPSS
Exploits 0 · References 9

CNNVD
added 2023/07/25 12:0 a.m. · 3 views

Apache Felix Healthcheck Webconsole Plugin cross-site scripting vulnerability

Apache Felix Healthcheck Webconsole Plugin is a web console plugin from the Apache Foundation USA. A cross-site scripting vulnerability exists in Apache Felix Healthcheck Webconsole Plugin 2.0.2 and earlier versions, which stems from the presence of a reflected cross-site scripting (XSS)...

6.1 CVSS · 5.8 AI score · 0.01368 EPSS
Exploits 0 · References 4

OSV
added 2023/07/10 9:15 p.m. · 12 views

CVE-2023-3607

A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be...

8 CVSS · 7.5 AI score · 0.00265 EPSS
Exploits 1 · References 3

Prion
added 2023/07/10 9:15 p.m. · 18 views

Command injection

A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be...

5.2 CVSS · 8.2 AI score · 0.00265 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/07/10 9:0 p.m. · 15 views

CVE-2023-3607 kodbox WebConsole Plug-In webconsole.php.txt Execute os command injection

A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be...

5.5 CVSS · 8.4 AI score · 0.00265 EPSS
Exploits 1 · References 3

CVE
added 2023/07/10 9:0 p.m. · 45 views

CVE-2023-3607

CVE-2023-3607 affects kodbox 1.26, specifically the Execute function in the WebConsole Plug-In (webconsole.php.txt), enabling os command injection. Exploit disclosed publicly; vendor response unavailable. The issue is described consistently across sources, with a high severity in CVSS terms. Prac...

8 CVSS · 7 AI score · 0.00265 EPSS
Exploits 1 · References 3 · Affected Software 1