Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3628 to the following vulnerability: Name: CVE-2014-3628 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3628 Assigned: 20140514 Reference: http://secunia.com/advisories/62024 Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
Solr 4.10.3 will be updated soon, are waiting to be able to fill. because requires Lucene 4.10.3. I do not know if it will be possible to upgrade it for F21 since Lucene is a dependency of eclipse. Close this bug
(In reply to gil cattaneo from comment #1) > Solr 4.10.3 will be updated soon, are waiting to be able to fill. because > requires Lucene 4.10.3. I do not know if it will be possible to upgrade it > for F21 since Lucene is a dependency of eclipse. > Close this bug Thanks for the comment, marked Fedora versions as "notaffected". This bug should be opened though, Solr is shipped in other Red Hat products and we need to check if these are affected or not. Please don't close this bug.