CVE-2014-3628

2015-01-0615:00:00

redhat

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

References

mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804%40apache.org%3E

secunia.com/advisories/62024