CVE-2025-25247: Apache Felix Webconsole: XSS in services console

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

Classification

CVE ID: CVE-2025-25247

Affected Products

Vendor: Apache Software Foundation

Product: Apache Felix Webconsole

Timeline

2025-02-11 00:32:59 UTC
CVE

Apache Felix Webconsole: XSS in services console