Moderate severityNVD Advisory· Published Jan 6, 2015· Updated Jun 17, 2026
CVE-2014-3628
CVE-2014-3628
Description
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.solr:solrMaven | >= 4.0.0, < 4.10.3 | 4.10.3 |
Affected products
24cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:4.9.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-wgw2-gw4v-9w4jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-3628ghsaADVISORY
- mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804@apache.org%3EghsaWEB
- mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804%40apache.org%3Envd
- secunia.com/advisories/62024nvd
News mentions
0No linked articles in our index yet.