An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack.
Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.
References
| Link | Resource |
|---|---|
| http://seclists.org/fulldisclosure/2023/Jul/43 | Mailing List Not Applicable Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2023/07/25/10 | Mailing List Third Party Advisory |
| https://lists.apache.org/thread/r3blhp3onr4rdbkgdyglqnccg0v79pfv | Mailing List |
| http://seclists.org/fulldisclosure/2023/Jul/43 | Mailing List Not Applicable Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2023/07/25/10 | Mailing List Third Party Advisory |
| https://lists.apache.org/thread/r3blhp3onr4rdbkgdyglqnccg0v79pfv | Mailing List |
Configurations
History
13 Feb 2025, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher. |
Information
Published : 2023-07-25 16:15
Updated : 2025-02-13 17:16
NVD link : CVE-2023-38435
Mitre link : CVE-2023-38435
CVE.ORG link : CVE-2023-38435
JSON object : View
Products Affected
apache
- felix_health_check_webconsole_plugin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')