PT-2022-8065 · Unknown · Farcry Solr Pro Plugin
Williada-Lbcc · Published 2022-12-28 · Updated 2024-05-17 · CVE-2018-25055
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FarCry Solr Pro Plugin versions up to 1.5.x
Description
A vulnerability was found in the FarCry Solr Pro Plugin, affecting an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the suggestion argument leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 1.6.0 is able to address this issue.
Recommendations
For FarCry Solr Pro Plugin versions up to 1.5.x, upgrade to version 1.6.0 to address the issue. As a temporary workaround, consider restricting the use of the suggestion argument in the affected Search Handler component until the upgrade is applied.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Farcry Solr Pro Plugin