62 matches found
Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...
Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...
EUVD-2025-36791
Malicious code in @apache-felix/felix-antora-ui npm...
Malicious code in @apache-felix/felix-antora-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b51d8cb92483d748cafc2b53ff5dfcef6b4c8e4dbe7b73c671a3a5cb338a9aaf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48959 Malicious code in @apache-felix/felix-antora-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b51d8cb92483d748cafc2b53ff5dfcef6b4c8e4dbe7b73c671a3a5cb338a9aaf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-7206
Malicious code in bioql PyPI...
EUVD-2025-4096
Malicious code in bioql PyPI...
PT-2025-40823
CVE-2025-61585 - Apache Felix Unvalidated User Input CVE ID : CVE-2025-61585 Published : Oct. 3, 2025, 9:15 p.m. | 2 hours, 13 minutes ago Description : Rejected reason: Further research determined the issue is not an independent vulnerability as it originates from Apache Felix. Severity: 0.0 | N...
The vulnerability in the Web Console management console for OSGi frameworks like Apache Felix allows a attacker to execute cross-site scripting attacks.
The vulnerability of the Web Console Management for OSGi frameworks like Apache Felix is related to the lack of protective measures for the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...
The vulnerability of the Apache Felix HTTP Webconsole plugin, which stems from the lack of protective measures for website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Apache Felix HTTP Webconsole plugin is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Cross-Site Scripting (XSS)
org.apache.felix, org.apache.felix.http.webconsoleplugin is vulnerable to cross-site scripting XSS. The vulnerability is due to improper neutralization of user input during web page generation, allowing an attacker to inject and execute malicious scripts in a victim’s browser through improperly...
CVE-2025-27867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
GHSA-2CV6-4F2R-JQ2C Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867 Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2025-27867
The CVE-2025-27867 entry concerns an XSS flaw in the Apache Felix HTTP Webconsole Plugin. Affected versions are 1.X through 1.2.0; the root cause is improper neutralization of input during web page generation. Impact is consistent with a Cross-Site Scripting risk affecting users of the Webconsole...
CVE-2025-27867 Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
Apache Felix HTTP Webconsole Plugin 安全漏洞
Apache Felix HTTP Webconsole Plugin is a plugin from Apache Corporation USA. A security vulnerability exists in Apache Felix HTTP Webconsole Plugin versions 1.X through 1.2.0 that originates from improper input neutralization during web page generation and could lead to a cross-site scripting...