CVE-2014-3628: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 17, 2022 (updated July 7, 2022)

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

References

mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804@apache.org%3E
github.com/advisories/GHSA-wgw2-gw4v-9w4j
nvd.nist.gov/vuln/detail/CVE-2014-3628

Detect and mitigate CVE-2014-3628 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →