6.1

CVE-2025-25247

Apache Felix Webconsole: XSS in services console

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.

This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.

Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheFelix Webconsole Version >= 4.0.0 < 4.9.10
ApacheFelix Webconsole Version >= 5.0.0 < 5.0.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.475
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m
Vendor Advisory
Mailing List
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/02/10/1
Third Party Advisory
Mailing List