XSS in Apache Solr

CVE-2014-3628

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.014 (80.7th percentile) — read the EPSS interpretation.

Affected products

Apache Solr — versions 4.0.0, 4.1.0, 4.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

62024 (x_refsource_SECUNIA, third-party-advisory)
[www-announce] 20141229 Apache Solr 4.10.3 released (mailing-list, x_refsource_MLIST)