New subject: [Bug 1308619] CVE-2015-8795 solr: multiple XSS vulnerabilities

15 Feb 2016


      https://bugzilla.redhat.com/show_bug.cgi?id=1308619
Bug ID: 1308619
           Summary: CVE-2015-8795 solr: multiple XSS vulnerabilities
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@redhat.com
          Reporter: anemec@redhat.com
                CC: java-sig-commits@lists.fedoraproject.org,
                    puntogil@libero.it
CVE 2015-8795:
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in
Apache Solr before 5.1 allow remote attackers to inject arbitrary web
script or HTML via crafted fields that are mishandled during the
rendering of the (1) Analysis page, related to
webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related
to webapp/web/js/scripts/schema-browser.js.
https://issues.apache.org/jira/browse/SOLR-7346
CVE 2015-8796:
Cross-site scripting (XSS) vulnerability in
webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr
before 5.3 allows remote attackers to inject arbitrary web script or
HTML via a crafted schema-browse URL.
https://issues.apache.org/jira/browse/SOLR-7920
CVE 2015-8797:
Cross-site scripting (XSS) vulnerability in
webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in
Apache Solr before 5.3.1 allows remote attackers to inject arbitrary
web script or HTML via the entry parameter to a plugins/cache URI.
https://issues.apache.org/jira/browse/SOLR-7949
-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1308619] New: CVE-2015-8795 solr: multiple XSS vulnerabilities