CVE-2015-8795

Name of the Vulnerable Software and Affected Versions Apache Solr versions prior to 5.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Admin UI. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of specific pages, including the Analysis page, related to webapp/web/js/scripts/analysis.js, and the Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

Recommendations For Apache Solr versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin UI to minimize the risk of exploitation.