6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13954

GHSA ID

GHSA-64x2-gq24-75pv

EPSS Score

0.91677%

CWE

CWE-79

Published

4/22/2021

Updated

2/1/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-13954

CVE-2020-13954: Cross-site scripting in Apache CXF

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13954

GHSA ID

GHSA-64x2-gq24-75pv

EPSS Score

0.91677%

CWE

CWE-79

Published

4/22/2021

Updated

2/1/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.cxf:apache-cxf	maven	< 3.3.8	3.3.8
org.apache.cxf:apache-cxf	maven	>= 3.4.0, < 3.4.1	3.4.1
org.apache.cxf:cxf	maven	< 3.3.8	3.3.8
org.apache.cxf:cxf	maven	>= 3.4.0, < 3.4.1	3.4.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unencoded output of the styleSheetPath parameter in the services listing page. ServiceListGenerator is the known class responsible for generating this page in Apache CXF. The writeStyleSheet method would be directly responsible for outputting the stylesheet link element using the user-controlled parameter value. The generateDocument method would show up in stack traces as the entry point for page generation. The patch would have added HTML encoding for the styleSheetPath parameter value in these locations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*y ****ult, *p**** *X* *r**t*s * /s*rvi**s p*** *ont*inin* * listin* o* t** *v*il**l* *n*point n*m*s *n* ***r*ss*s. T*is w**p*** is vuln*r**l* to * r**l**t** *ross-Sit* S*riptin* (XSS) *tt**k vi* t** styl*S***tP*t*, w*i** *llows * m*li*ious **tor to

Reasoning

T** vuln*r**ility st*ms *rom un*n*o*** output o* t** `styl*S***tP*t*` p*r*m*t*r in t** s*rvi**s listin* p***. `S*rvi**List**n*r*tor` is t** known *l*ss r*sponsi*l* *or **n*r*tin* t*is p*** in `*p**** *X*`. T** `writ*Styl*S***t` m*t*o* woul* ** *ir**t

6.1

Basic Information

Concerned about an active attack path?

CVE-2020-13954: Cross-site scripting in Apache CXF

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI