Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability

Apache Solr is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Information

Bugtraq ID: 85205
Class: Input Validation Error
CVE: CVE-2015-8796

Remote: Yes
Local: No
Published: Feb 14 2016 12:00AM
Updated: Jul 26 2017 12:08PM
Credit: The vendor reported this issue.
Vulnerable: IBM Websphere Portal 8.5
IBM Websphere Portal 8.0
Apache Solr 4.5.1
Apache Solr 4.4
Apache Solr 4.3.1
Apache Solr 3.6.1
Apache Solr 5.2.1
Apache Solr 4.5.0
Apache Solr 4.4
Apache Solr 4.3.0
Apache Solr 4.3
Apache Solr 4.2.1
Apache Solr 4.2.0
Apache Solr 4.1.0
Apache Solr 4.1
Apache Solr 4.0.0
Apache Solr 3.6.2
Apache Solr 3.6.0

Not Vulnerable: Apache Solr 5.3

Exploit

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

References:

• Apache Solr Homepage (Apache)
  
• SOLR-7920 :Thers is a xss issue in schema-browser page of Admin Web UI. (Apache)
  
• swg22005279: Multiple Vulnerabilities affect IBM WebSphere Portal Rich Media Edi (IBM)
  

Source: www.securityfocus.com