QwikSec

Security Database

CVE

CWE

Training

CVE-2025-27867

Published: Mar 12, 2025

Modified: Mar 21, 2025

PUBLISHED

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Felix HTTP Webconsole Plugin	affected `1.x - <= 1.2.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/y83f2rvm8bccr5ctgv7mzxd69p6f77dp

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.