Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Solr < 4.10.5 'plugin.js' XSS

Medium

Synopsis

The remote web server contains a Java application that is affected by a persistent cross-site scripting (XSS) vulnerability.

Description

Versions of Apache Solr prior to 4.10.5 are affected by a persistent cross-site scripting vulnerability. Specifically, this affects the Plugin-View area in 'plugins.js' due to a failure to sanitize query histories before returning them to the user of the Solr administration panel. A remote, unauthenticated attacker can exploit this issue to execute arbitrary JavaScript within the context of a victim's browser, allowing the attacker to steal session information, log key strokes, and perform other malicious attacks.

Solution

Upgrade to Solr 4.10.5 or later.