{"vulnerability": "CVE-2020-13954", "sightings": [{"uuid": "9f7b3492-06bc-4707-9216-b0022efda86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-13954", "type": "seen", "source": "https://t.me/arpsyndicate/132", "content": "#ExploitObserverAlert\n\nCVE-2020-13954\n\nDESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-13954. By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.\n\nFIRST-EPSS: 0.165290000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2023-11-12T19:05:42.000000Z"}, {"uuid": "57ca2211-0b3d-4882-bf6b-823b45688700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-13954", "type": "seen", "source": "https://t.me/cibsecurity/16206", "content": "\u203c CVE-2020-13954 \u203c\n\nBy default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-12T16:31:39.000000Z"}]}