CVE-2014-3628
Improper Neutralization of Input During Web Page Generation in Apache Solr
EPSS 1.4%
Description
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
How to fix CVE-2014-3628
To remediate CVE-2014-3628, upgrade the affected package to a fixed version below.
- Maven/org.apache.solr:solr - upgrade to 4.10.3 or later
Is CVE-2014-3628 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.apache.solr:solr: >= 4.0.0, < 4.10.3