CVE-2025-27867

MEDIUM

Apache Felix HTTP Webconsole Plugin < 1.2.2 - XSS

Title source: rule

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

Scores

CVSS v3 5.6
EPSS 0.0045
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE CWE-79
Status published

Affected Products (2)

apache/felix_http_webconsole_plugin < 1.2.2
org.apache.felix/org.apache.felix.http.webconsoleplugin < 1.2.2 (Maven)

Timeline

Published Mar 12, 2025
Tracked Since Feb 18, 2026