CVE-2025-27867

CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin

Vendor Apache Software Foundation

Product Apache Felix HTTP Webconsole Plugin

Weakness CWE-79 · XSS

Published March 12, 2025

Last update March 21, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

Key dates

Disclosure timeline

March 12, 2025 CVE published

March 21, 2025 Record updated