Ryan Lambeth

**Name of the Vulnerable Software and Affected Versions** Apache CXF versions prior to 3.4.1 Apache CXF versions prior to 3.3.8 **Description** The issue is related to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath` parameter, which allows a malicious actor to inject javascript into the web page. This is due to the lack of protection measures for the web page structure. The exploitation of this issue may allow a remote attacker to conduct cross-site scripting attacks. **Recommendations** For versions prior to 3.4.1, update to version 3.4.1 or later. For versions prior to 3.3.8, update to version 3.3.8 or later. As a temporary workaround, consider restricting access to the `/services` page and the `styleSheetPath` parameter to minimize the risk of exploitation.