CVE-2015-8796

Name of the Vulnerable Software and Affected Versions Apache Solr versions prior to 5.3

Description A cross-site scripting (XSS) issue exists in the Admin UI, specifically in the webapp/web/js/scripts/schema-browser.js file, allowing remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL, such as "/schema-browser". This enables attackers to execute malicious scripts on the client-side.

Recommendations For versions prior to 5.3, update to version 5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin UI to minimize the risk of exploitation. Avoid using crafted schema-browse URLs in the affected API endpoint until the issue is resolved.