Unrated severityNVD Advisory· Published Dec 12, 2023· Updated Nov 20, 2025
Mod_cluster/mod_proxy_cluster: stored cross site scripting
CVE-2023-6710
Description
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- cpe:/a:redhat:enterprise_linux:9::appstreamRange: 0:1.3.20-1.el9_4
cpe:/a:redhat:jboss_core_services:1+ 1 more
- cpe:/a:redhat:jboss_core_services:1
- cpe:/a:redhat:jboss_core_services:1::el8range: 0:1.3.20-3.el7jbcs
- osv-coords2 versions
< 1.2.49-1.el9_4+ 1 more
- (no CPE)range: < 1.2.49-1.el9_4
- (no CPE)range: < 1.3.20-1.el9_4
Patches
Vulnerability mechanics
References
5- access.redhat.com/errata/RHSA-2024:1316mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1317mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:2387mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2023-6710mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.