CVE Daily

CVE-2025-25247

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti...

Medium CVSS 6.1

Overview

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.

This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.

Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

CWE: CWE-79 Published: 2025-02-10T12:15:29.557
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: apache, xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags