VulnerableCode Package Details - pkg:maven/org.apache.cxf/apache-cxf@3.3.7

Search for packages

Package details: pkg:maven/org.apache.cxf/apache-cxf@3.3.7

Essentials
History (1)

purl	pkg:maven/org.apache.cxf/apache-cxf@3.3.7

Next non-vulnerable version	3.3.8
Latest non-vulnerable version	3.4.4
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-64k6-5enf-abgu Aliases: CVE-2020-13954 GHSA-64x2-gq24-75pv	Cross-site scripting in Apache CXF By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.	3.3.8 Affected by 0 other vulnerabilities. 3.4.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-64k6-5enf-abgu
Aliases:
CVE-2020-13954
GHSA-64x2-gq24-75pv

Cross-site scripting in Apache CXF By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

3.3.8
Affected by 0 other vulnerabilities.

3.4.1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T09:52:33.526116+00:00	GitLab Importer	Affected by	VCID-64k6-5enf-abgu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/apache-cxf/CVE-2020-13954.yml	37.0.0