oss-sec mailing list archives
FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
From: Carsten Ziegeler <cziegeler () apache org>
Date: Wed, 12 Mar 2025 15:34:06 +0000
Severity: moderate
Affected versions:
- Apache Felix HTTP Webconsole Plugin Version 1.x through 1.2.0
Description:
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin.
This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0.
Users are recommended to upgrade to version 1.2.2, which fixes the issue.
Credit:
Viktor Mares (me () viktormares com) (finder)
References:
https://felix.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-27867
