Page 6 of 32 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. Múltiples vulnerabilidades de XSS en la Admin UI en Apache Solr en versiones anteriores a 5.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de campos manipulados que no se manejan correctamente durante el renderizado de la página (1) Analysis, relacionado con webapp/web/js/scripts/analysis.js o (2) Schema-Browser, relacionado con webapp/web/js/scripts/schema-browser.js. • https://issues.apache.org/jira/browse/SOLR-7346 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. Vulnerabilidad de XSS en webapp/web/js/scripts/plugins.js en la página de inicio en la Admin UI en Apache Solr en versiones anteriores a 5.3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro de entrada a una URI plugins/cache. • http://www-01.ibm.com/support/docview.wss?uid=swg21975544 https://issues.apache.org/jira/browse/SOLR-7949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 2%CPEs: 23EXPL: 0

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. Vulnerabilidad de XSS en la página Admin UI Plugin / Stats en Apache Solr 4.x anterior a 4.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del objeto fieldvaluecache. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804%40apache.org%3E http://secunia.com/advisories/62024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. El (1) UpdateRequestHandler para XSLT o (2) XPathEntityProcessor en Apache Solr anteriores a 4.1 permite a atacantes remotos tener un impacto no especificado a través de datos XML que contengan declaraciones de entidad externa en conjunción con referencia a una entidad, relacionado con un problema de XML External Entity (XXE), vectores diferentes a CVE-2013-6407. • http://rhn.redhat.com/errata/RHSA-2013-1844.html http://rhn.redhat.com/errata/RHSA-2014-0029.html http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup https://issues.apache.org/jira/browse/SOLR-3895 https://access.redhat.com/security/cve/CVE-2012-6612 https://bugzilla.redhat.com/show_bug.cgi?id=1035981 •

CVSS: 6.4EPSS: 52%CPEs: 11EXPL: 1

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. Vulnerabilidad de salto de directorio en SolrResourceLoader en Apache Solr anteriores a 4.6 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto puno) o nombre de directorio completo en el parámetro tr de solr/select/, cuando el escritor de respuesta (parámetro wt) se establece a XLST. • http://lucene.apache.org/solr/4_6_0/changes/Changes.html http://rhn.redhat.com/errata/RHSA-2013-1844.html http://rhn.redhat.com/errata/RHSA-2014-0029.html http://secunia.com/advisories/55730 http://secunia.com/advisories/59372 http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html http://www.openwall.com/lists/oss-security/2013/11/27/1 http://www.securityfocus.com/bid/63935 https://issues.apache.org/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •