Description
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
Remediation
References
https://issues.apache.org/jira/browse/SOLR-7346
Related Vulnerabilities
CVE-2023-46233 Vulnerability in maven package org.webjars.npm:crypto-js
CVE-2018-1334 Vulnerability in maven package org.apache.spark:spark-core
CVE-2007-1358 Vulnerability in maven package tomcat:tomcat-http11
CVE-2013-4390 Vulnerability in maven package org.apache.sling:org.apache.sling.auth.core
CVE-2016-3093 Vulnerability in maven package org.apache.struts.xwork:xwork-core