CVE-2020-13954

Description

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This web page is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath parameter, which allows a malicious actor to inject JavaScript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue from CVE-2019-17573.

Risk Information

Base Score: 6.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 8.411

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-13954 are fixed in Apache-apache-cxf 3.3.8 | Windows
Vulnerabilities CVE-2020-13954 are fixed in Apache-apache-cxf 3.4.1 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows
Vulnerabilities CVE-2020-13954 are fixed in Apache - cxf 3.3.8 | Windows
Vulnerabilities CVE-2020-13954 are fixed in Apache - cxf 3.4.1 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.8 | Windows
Vulnerabilities CVE-2020-13954 are fixed in Apache-apache-cxf for Linux 3.3.8 | Linux
Vulnerabilities CVE-2020-13954 are fixed in Apache-apache-cxf for Linux 3.4.1 | Linux
Vulnerabilities CVE-2020-13954 are fixed in Apache - cxf for Linux 3.3.8 | Linux
Vulnerabilities CVE-2020-13954 are fixed in Apache - cxf for Linux 3.4.1 | Linux

Patch Details

No records found
