VYPR
Moderate severity · NVD Advisory · Published Jan 16, 2020 · Updated Aug 5, 2024

CVE-2019-17573

Description

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is not typically present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.cxf:apache-cxf (Maven) | < 3.2.12 | 3.2.12 |
| org.apache.cxf:apache-cxf (Maven) | >= 3.3.0, < 3.3.5 | 3.3.5 |
| org.apache.cxf:cxf (Maven) | < 3.2.12 | 3.2.12 |
| org.apache.cxf:cxf (Maven) | >= 3.3.0, < 3.3.5 | 3.3.5 |

Affected products: 3

References: 27
