CVE-2017-3165
Published: Sep 13, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Brooklyn | affected 0.9.0 and all prior versions |
References
| Reference | Tags |
|---|---|
| 96228 | vdb-entry, x_refsource_BID |
| https://brooklyn.apache.org/community/security/CVE-2017-3165.html | x_refsource_CONFIRM |
| [dev] 20170210 [SECURITY] CVE-2017-3165: Cross-site vulnerabilities in Apache Brooklyn | mailing-list, x_refsource_MLIST |