CVE-2015-8795
MEDIUMApache Solr < 5.1.0 - Cross-Site Scripting in Admin UI Analysis and Schema-Browser Pages
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://issues.apache.org/jira/browse/SOLR-7346
Scores
CVSS v3
6.1
EPSS
0.0256
EPSS Percentile
85.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
apache/solr
< 5.0
org.apache.solr/solr-core
0 - 5.1.0Maven
Published
Feb 15, 2016
Tracked Since
Feb 18, 2026