Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Solr < 5.3.1 XSS

Medium

Synopsis

The remote web server contains a Java application that is affected by a persistent cross-site scripting (XSS) vulnerability.

Description

Versions of Apache Solr prior to 5.3.1 are affected by a persistent cross-site scripting vulnerability. Specifically, this flaw exists because the Admin UI stats page does not validate input before returning it to users. A remote, unauthenticated attacker can exploit this issue to execute arbitrary JavaScript within the context of a victim's browser, allowing the attacker to steal session information, log key strokes, and perform other malicious attacks.

Solution

Upgrade to Solr 5.3.1 or later.