Your submission was sent successfully! Close

CVE-2015-8796

Published: 15 February 2016

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

Notes

AuthorNote
sbeattie
affected SOLR 4.x and newer only
Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
lucene-solr
Launchpad, Ubuntu, Debian
artful Not vulnerable
(solr 4.x only)
precise Does not exist

trusty Does not exist
(trusty was not-affected [solr 4.x only])
upstream
Released (5.3)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(solr 4.x only)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)