CVE 2015-8795: Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. https://issues.apache.org/jira/browse/SOLR-7346 CVE 2015-8796: Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. https://issues.apache.org/jira/browse/SOLR-7920 CVE 2015-8797: Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. https://issues.apache.org/jira/browse/SOLR-7949
Created solr tracking bugs for this issue: Affects: fedora-all [bug 1308620]
The problem does not exist, because the affected components are not used, due to the inability to use them
solr was retired. depend on hadoop that was retired
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.