Vulnerability Details CVE-2015-8796
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2015-8796
-
cpe:2.3:a:apache:solr:-
-
cpe:2.3:a:apache:solr:1.1.0
-
cpe:2.3:a:apache:solr:1.2
-
cpe:2.3:a:apache:solr:1.2.0
-
cpe:2.3:a:apache:solr:1.3.0
-
cpe:2.3:a:apache:solr:1.4.0
-
cpe:2.3:a:apache:solr:1.4.1
-
cpe:2.3:a:apache:solr:3.1
-
cpe:2.3:a:apache:solr:3.1.0
-
cpe:2.3:a:apache:solr:3.2
-
cpe:2.3:a:apache:solr:3.2.0
-
cpe:2.3:a:apache:solr:3.3
-
cpe:2.3:a:apache:solr:3.3.0
-
cpe:2.3:a:apache:solr:3.4.0
-
cpe:2.3:a:apache:solr:3.5.0
-
cpe:2.3:a:apache:solr:3.6.0
-
cpe:2.3:a:apache:solr:3.6.1
-
cpe:2.3:a:apache:solr:3.6.2
-
cpe:2.3:a:apache:solr:4.0.0
-
cpe:2.3:a:apache:solr:4.1.0
-
cpe:2.3:a:apache:solr:4.10.0
-
cpe:2.3:a:apache:solr:4.10.1
-
cpe:2.3:a:apache:solr:4.10.2
-
cpe:2.3:a:apache:solr:4.10.3
-
cpe:2.3:a:apache:solr:4.10.4
-
cpe:2.3:a:apache:solr:4.2.0
-
cpe:2.3:a:apache:solr:4.2.1
-
cpe:2.3:a:apache:solr:4.3.0
-
cpe:2.3:a:apache:solr:4.3.1
-
cpe:2.3:a:apache:solr:4.4.0
-
cpe:2.3:a:apache:solr:4.5.0
-
cpe:2.3:a:apache:solr:4.5.1
-
cpe:2.3:a:apache:solr:4.6.0
-
cpe:2.3:a:apache:solr:4.6.1
-
cpe:2.3:a:apache:solr:4.7.0
-
cpe:2.3:a:apache:solr:4.7.1
-
cpe:2.3:a:apache:solr:4.7.2
-
cpe:2.3:a:apache:solr:4.8.0
-
cpe:2.3:a:apache:solr:4.8.1
-
cpe:2.3:a:apache:solr:4.9.0
-
cpe:2.3:a:apache:solr:4.9.1
-
cpe:2.3:a:apache:solr:5.0
-
cpe:2.3:a:apache:solr:5.0.0
-
cpe:2.3:a:apache:solr:5.1
-
cpe:2.3:a:apache:solr:5.1.0
-
cpe:2.3:a:apache:solr:5.2.0
-
cpe:2.3:a:apache:solr:5.2.1