60 matches found
Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...
Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...
Malicious code in @apache-felix/felix-antora-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b51d8cb92483d748cafc2b53ff5dfcef6b4c8e4dbe7b73c671a3a5cb338a9aaf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36791
Malicious code in @apache-felix/felix-antora-ui npm...
MAL-2025-48959 Malicious code in @apache-felix/felix-antora-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b51d8cb92483d748cafc2b53ff5dfcef6b4c8e4dbe7b73c671a3a5cb338a9aaf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-7206
Malicious code in bioql PyPI...
EUVD-2025-4096
Malicious code in bioql PyPI...
PT-2025-40823
CVE-2025-61585 - Apache Felix Unvalidated User Input CVE ID : CVE-2025-61585 Published : Oct. 3, 2025, 9:15 p.m. | 2 hours, 13 minutes ago Description : Rejected reason: Further research determined the issue is not an independent vulnerability as it originates from Apache Felix. Severity: 0.0 | N...
Cross-Site Scripting (XSS)
org.apache.felix, org.apache.felix.http.webconsoleplugin is vulnerable to cross-site scripting XSS. The vulnerability is due to improper neutralization of user input during web page generation, allowing an attacker to inject and execute malicious scripts in a victim’s browser through improperly...
CVE-2025-27867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
GHSA-2CV6-4F2R-JQ2C Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867 Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867
The CVE-2025-27867 entry concerns an XSS flaw in the Apache Felix HTTP Webconsole Plugin. Affected versions are 1.X through 1.2.0; the root cause is improper neutralization of input during web page generation. Impact is consistent with a Cross-Site Scripting risk affecting users of the Webconsole...
CVE-2025-27867 Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
PT-2025-11107 · Apache · Apache Felix Http Webconsole Plugin
Name of the Vulnerable Software and Affected Versions: Apache Felix HTTP Webconsole Plugin versions 1.X through 1.2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Users are advised to upgrade to a newer versi...
Apache Felix HTTP Webconsole Plugin 安全漏洞
Apache Felix HTTP Webconsole Plugin is a plugin from Apache Corporation USA. A security vulnerability exists in Apache Felix HTTP Webconsole Plugin versions 1.X through 1.2.0 that originates from improper input neutralization during web page generation and could lead to a cross-site scripting...
CVE-2023-38435
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting XSS attack. Upgrade to Apache Felix Healthcheck...