CVE-2017-3165

Published: Sep 13, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.

Affected (1)

Products: Apache: Brooklyn

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Brooklyn	Up to 0.9.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/96228

Source: security@apache.org

Third Party AdvisoryVDB Entry

https://brooklyn.apache.org/community/security/CVE-2017-3165.html

Source: security@apache.org

ExploitVendor Advisory

https://lists.apache.org/thread.html/5aa6b7583edbfc1f5653607003204326d9e27ef65e8af356c798b21c%40%3Cdev.brooklyn.apache.org%3E

Source: security@apache.org

http://www.securityfocus.com/bid/96228

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://brooklyn.apache.org/community/security/CVE-2017-3165.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://lists.apache.org/thread.html/5aa6b7583edbfc1f5653607003204326d9e27ef65e8af356c798b21c%40%3Cdev.brooklyn.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.