Apache CXF Reflected XSS in the services listing page via the styleSheetPath
CVE-2020-13954

6.1MEDIUM

Key Information:

Vendor
Apache
Status
Apache Cxf
Vendor
CVE Published:
12 November 2020

Summary

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

Affected Version(s)

Apache CXF < 3.4.1

Apache CXF < 3.3.8

References

http://cxf.apache.org/security-advisories.data/CVE-2020-1...
x_refsource_MISC
https://lists.apache.org/thread.html/r51fdd73548290b2dfd0...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff...
mailing-listx_refsource_MLIST

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks to Ryan Lambeth for reporting this issue.
.