Apache.CXF.services.styleSheetPath.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Apache Software Foundation CXF.
The vulnerability is due to improper sanitization a parameter; styleSheetPath used to generate an HTML page. A remote attacker could exploit this vulnerability by enticing an user to visit a malicious web page. A successful attack may result in the execution of script code in the security context of the target user's browser
Affected Products
Apache Software Foundation CXF prior to 3.3.8
Apache Software Foundation CXF prior to 3.4.1
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2022-04-14 | 20.298 | Sig Added |
2021-05-26 | 18.085 | Default_action:pass:drop |
2021-05-17 | 18.080 |