Donald Kwakkel

**Name of the Vulnerable Software and Affected Versions** Apache CXF versions prior to 3.0.12 Apache CXF versions 3.1.x prior to 3.1.9 **Description** The issue concerns the HTTP transport module, which generates an HTML page listing available service endpoints. This page includes the names and absolute URL addresses of these endpoints. The module calculates the base URL from the current HttpServletRequest. If unexpected matrix parameters are injected into the request URL, they can be reflected back to the client in the services list page, posing a risk of cross-site scripting (XSS) to the client. **Recommendations** For Apache CXF versions prior to 3.0.12, update to version 3.0.12 or later. For Apache CXF versions 3.1.x prior to 3.1.9, update to version 3.1.9 or later.