{"uuid": "8e83d4e4-ceba-4b2a-b64a-42d4581ba7e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-17573", "type": "seen", "source": "https://t.me/arpsyndicate/132", "content": "#ExploitObserverAlert\n\nCVE-2020-13954\n\nDESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-13954. By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.\n\nFIRST-EPSS: 0.165290000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2023-11-12T19:05:42.000000Z"}