Severity: moderate
Affected versions:
- Apache Felix HTTP Webconsole Plugin Version 1.x through 1.2.0
Description:
Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin.
This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X
through 1.2.0.
Users are recommended to upgrade to version 1.2.2, which fixes the issue.
Credit:
Viktor Mares (m...@viktormares.com) (finder)
References:
https://felix.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-27867
