[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-17573":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":61,"related":62,"reserved_at":9,"published_at":63,"modified_at":64,"state":65,"summary":66,"references_raw":74,"kevs":190,"epss":191,"epss_history":194,"metrics":442,"affected":455},"CVE-2019-17573","By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX 
Footprinting",[],[],[46],"GHSA-f93p-f762-vr53",[],[49,51,53,55,57,59],{"_key":50},"RHSA-2020:2058",{"_key":52},"RHSA-2020:2059",{"_key":54},"RHSA-2020:2060",{"_key":56},"RHSA-2020:2511",{"_key":58},"RHSA-2020:2512",{"_key":60},"RHSA-2020:2513",[],[],"2020-01-16T17:50:42.000Z","2024-08-05T01:47:12.612Z","Modified",{"cisa_kev":67,"cisa_ransomware":67,"cisa_vendor":9,"epss_severity":68,"epss_score":69,"severity":68,"severity_score":70,"severity_version":71,"severity_source":72,"severity_vector":73,"severity_status":65},false,"medium",0.13981,6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[75,82,86,90,99,105,109,113,117,121,125,129,133,137,141,146,150,154,158,162,166,170,174,178,182,186],{"url":76,"sources":77,"tags":79},"https://lists.apache.org/thread.html/rf3b50583fefce2810cbd37c3d358cbcd9a03e750005950bf54546194%40%3Cannounce.apache.org%3E",[78,72],"cve.org",[80,81],"Mailing List","X Refsource MLIST",{"url":83,"sources":84,"tags":85},"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E",[78,72],[80,81],{"url":87,"sources":88,"tags":89},"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E",[78,72],[80,81],{"url":91,"sources":92,"tags":94},"https://www.oracle.com/security-alerts/cpujul2020.html",[78,72,93],"osv_maven",[95,96,97,98],"X Refsource MISC","Patch","Third Party Advisory","WEB",{"url":100,"sources":101,"tags":102},"http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2",[78,72,93],[103,104,98],"X Refsource CONFIRM","Vendor 
Advisory",{"url":106,"sources":107,"tags":108},"https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec%40%3Cdev.cxf.apache.org%3E",[78,72],[80,81],{"url":110,"sources":111,"tags":112},"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E",[78,72],[80,81],{"url":114,"sources":115,"tags":116},"https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec%40%3Cusers.cxf.apache.org%3E",[78,72],[80,81],{"url":118,"sources":119,"tags":120},"http://www.openwall.com/lists/oss-security/2020/11/12/2",[78,72,93],[80,81,97,98],{"url":122,"sources":123,"tags":124},"https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec%40%3Cannounce.apache.org%3E",[78,72],[80,81],{"url":126,"sources":127,"tags":128},"https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f%40%3Cusers.cxf.apache.org%3E",[78,72],[80,81],{"url":130,"sources":131,"tags":132},"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E",[78,72],[80,81],{"url":134,"sources":135,"tags":136},"https://www.oracle.com/security-alerts/cpuApr2021.html",[78,72,93],[95,96,97,98],{"url":138,"sources":139,"tags":140},"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E",[78,72],[80,81],{"url":142,"sources":143,"tags":144},"https://nvd.nist.gov/vuln/detail/CVE-2019-17573",[93],[145],"Advisory",{"url":147,"sources":148,"tags":149},"https://github.com/apache/cxf/commit/a02e96ba1095596bef481919f16a90c5e80a92c8",[93],[98],{"url":151,"sources":152,"tags":153},"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E",[93],[98],{"url":155,"sources":156,"tags":157},"https://lists.apache.org/thread.html/r51fdd73548
290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E",[93],[98],{"url":159,"sources":160,"tags":161},"https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E",[93],[98],{"url":163,"sources":164,"tags":165},"https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E",[93],[98],{"url":167,"sources":168,"tags":169},"https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E",[93],[98],{"url":171,"sources":172,"tags":173},"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E",[93],[98],{"url":175,"sources":176,"tags":177},"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E",[93],[98],{"url":179,"sources":180,"tags":181},"https://lists.apache.org/thread.html/rf3b50583fefce2810cbd37c3d358cbcd9a03e750005950bf54546194@%3Cannounce.apache.org%3E",[93],[98],{"url":183,"sources":184,"tags":185},"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E",[93],[98],{"url":187,"sources":188,"tags":189},"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E",[93],[98],[],{"date":192,"score":69,"percentile":193},"2026-06-04",0.94465,[195,199,202,205,208,211,213,215,217,220,223,226,229,231,233,237,240,243,246,249,251,254,257,260,263,266,268,270,273,276,279,281,283,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,335,338,341,344,347,350,352,354,357,360,363,366,368,371,373,375,377,379,381,383,386,388,390,392,395,398,401,405,408,411,414,417,420,423,426,428,431,434,436,439],{"date":196,"score":197,"percentile":198},"2025-11-04",0.15538,0.94378,{"date":200,"score":197,"percentile":201},"20
25-11-05",0.94377,{"date":203,"score":197,"percentile":204},"2025-11-06",0.94379,{"date":206,"score":197,"percentile":207},"2025-11-07",0.94381,{"date":209,"score":197,"percentile":210},"2025-11-08",0.94383,{"date":212,"score":197,"percentile":207},"2025-11-09",{"date":214,"score":197,"percentile":207},"2025-11-10",{"date":216,"score":197,"percentile":210},"2025-11-11",{"date":218,"score":197,"percentile":219},"2025-11-12",0.94387,{"date":221,"score":197,"percentile":222},"2025-11-13",0.94389,{"date":224,"score":197,"percentile":225},"2025-11-14",0.9439,{"date":227,"score":197,"percentile":228},"2025-11-15",0.94386,{"date":230,"score":197,"percentile":225},"2025-11-16",{"date":232,"score":197,"percentile":225},"2025-11-17",{"date":234,"score":235,"percentile":236},"2025-11-18",0.23674,0.95635,{"date":238,"score":235,"percentile":239},"2025-11-19",0.95636,{"date":241,"score":235,"percentile":242},"2025-11-20",0.95639,{"date":244,"score":197,"percentile":245},"2025-11-21",0.94401,{"date":247,"score":197,"percentile":248},"2025-11-22",0.94399,{"date":250,"score":197,"percentile":245},"2025-11-23",{"date":252,"score":197,"percentile":253},"2025-11-24",0.94403,{"date":255,"score":197,"percentile":256},"2025-11-25",0.94406,{"date":258,"score":197,"percentile":259},"2025-11-26",0.94407,{"date":261,"score":197,"percentile":262},"2025-11-27",0.94409,{"date":264,"score":197,"percentile":265},"2025-11-28",0.94405,{"date":267,"score":197,"percentile":259},"2025-11-29",{"date":269,"score":197,"percentile":256},"2025-11-30",{"date":271,"score":197,"percentile":272},"2025-12-01",0.9445,{"date":274,"score":197,"percentile":275},"2025-12-02",0.94452,{"date":277,"score":197,"percentile":278},"2025-12-03",0.94453,{"date":280,"score":197,"percentile":265},"2025-12-04",{"date":282,"score":197,"percentile":259},"2025-12-05",{"date":284,"score":197,"percentile":265},"2025-12-06",{"date":286,"score":197,"percentile":287},"2025-12-07",0.9441,{"date":289,"score":197,"percentile":290},"2025-1
2-08",0.94411,{"date":292,"score":197,"percentile":293},"2025-12-09",0.94416,{"date":295,"score":197,"percentile":296},"2025-12-10",0.94424,{"date":298,"score":197,"percentile":299},"2025-12-11",0.94427,{"date":301,"score":197,"percentile":302},"2025-12-12",0.94429,{"date":304,"score":197,"percentile":305},"2025-12-13",0.9443,{"date":307,"score":197,"percentile":308},"2025-12-14",0.94428,{"date":310,"score":197,"percentile":311},"2025-12-15",0.94432,{"date":313,"score":197,"percentile":314},"2025-12-16",0.94435,{"date":316,"score":197,"percentile":317},"2025-12-17",0.94437,{"date":319,"score":197,"percentile":320},"2025-12-18",0.9444,{"date":322,"score":197,"percentile":323},"2025-12-19",0.94441,{"date":325,"score":197,"percentile":326},"2025-12-20",0.94442,{"date":328,"score":197,"percentile":329},"2025-12-21",0.94444,{"date":331,"score":197,"percentile":332},"2025-12-22",0.94445,{"date":334,"score":197,"percentile":329},"2025-12-23",{"date":336,"score":197,"percentile":337},"2025-12-24",0.94449,{"date":339,"score":197,"percentile":340},"2025-12-25",0.94457,{"date":342,"score":197,"percentile":343},"2025-12-26",0.94455,{"date":345,"score":197,"percentile":346},"2025-12-27",0.94484,{"date":348,"score":197,"percentile":349},"2025-12-28",0.94454,{"date":351,"score":197,"percentile":349},"2025-12-29",{"date":353,"score":197,"percentile":343},"2025-12-30",{"date":355,"score":197,"percentile":356},"2025-12-31",0.94459,{"date":358,"score":197,"percentile":359},"2026-01-01",0.94502,{"date":361,"score":197,"percentile":362},"2026-01-02",0.94495,{"date":364,"score":197,"percentile":365},"2026-01-03",0.94493,{"date":367,"score":197,"percentile":278},"2026-01-04",{"date":369,"score":197,"percentile":370},"2026-01-05",0.94448,{"date":372,"score":197,"percentile":337},"2026-01-06",{"date":374,"score":197,"percentile":337},"2026-01-07",{"date":376,"score":197,"percentile":278},"2026-01-08",{"date":378,"score":197,"percentile":349},"2026-01-09",{"date":380,"score":197,"percentile"
:343},"2026-01-10",{"date":382,"score":197,"percentile":278},"2026-01-11",{"date":384,"score":197,"percentile":385},"2026-01-12",0.94451,{"date":387,"score":197,"percentile":275},"2026-01-13",{"date":389,"score":197,"percentile":340},"2026-01-14",{"date":391,"score":197,"percentile":340},"2026-01-15",{"date":393,"score":197,"percentile":394},"2026-01-16",0.9446,{"date":396,"score":197,"percentile":397},"2026-01-17",0.94464,{"date":399,"score":197,"percentile":400},"2026-01-18",0.94461,{"date":402,"score":403,"percentile":404},"2026-01-19",0.16126,0.94576,{"date":406,"score":403,"percentile":407},"2026-01-20",0.94582,{"date":409,"score":403,"percentile":410},"2026-01-21",0.94583,{"date":412,"score":403,"percentile":413},"2026-01-22",0.94585,{"date":415,"score":403,"percentile":416},"2026-01-23",0.94592,{"date":418,"score":403,"percentile":419},"2026-01-24",0.94596,{"date":421,"score":403,"percentile":422},"2026-01-25",0.94597,{"date":424,"score":403,"percentile":425},"2026-01-26",0.94599,{"date":427,"score":403,"percentile":425},"2026-01-27",{"date":429,"score":403,"percentile":430},"2026-01-28",0.94601,{"date":432,"score":403,"percentile":433},"2026-01-29",0.94603,{"date":435,"score":403,"percentile":433},"2026-01-30",{"date":437,"score":403,"percentile":438},"2026-01-31",0.94605,{"date":440,"score":403,"percentile":441},"2026-02-01",0.94644,[443,453],{"source":72,"cvss_v2_0":444,"cvss_v3_0":9,"cvss_v3_1":449,"cvss_v4_0":9},{"baseScore":445,"baseSeverity":9,"vectorString":446,"impactScore":447,"exploitabilityScore":448},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":70,"baseSeverity":450,"vectorString":73,"impactScore":451,"exploitabilityScore":452},"MEDIUM",4.5,7.2,{"source":93,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":454,"cvss_v4_0":9},{"baseScore":70,"baseSeverity":9,"vectorString":73,"impactScore":451,"exploitabilityScore":452},[456,475,487,492,499,509,516,523,531],{"ecosystem":9,"name":457,"vendor":458,"product":457,"cpe_part":459,"purl_type":9,"purl_name
space":9,"purl_name":9,"source":9,"versions":460},"cxf","apache","a",[461,468,473],{"version":462,"is_range":463,"range_type":464,"version_start":465,"version_start_type":466,"version_end":467,"version_end_type":466,"fixed_in":9},"gte3.2.0_lte3.2.12",true,"cpe","3.2.0","including","3.2.12",{"version":469,"is_range":463,"range_type":464,"version_start":470,"version_start_type":466,"version_end":471,"version_end_type":472,"fixed_in":9},"gte3.3.0_lt3.3.5","3.3.0","3.3.5","excluding",{"version":474,"is_range":67,"range_type":78,"version_start":474,"version_start_type":466,"version_end":474,"version_end_type":466,"fixed_in":9},"All versions of Apache CXF prior to 3.3.5 and 3.2.12.",{"ecosystem":476,"name":477,"vendor":478,"product":479,"cpe_part":9,"purl_type":480,"purl_namespace":478,"purl_name":479,"source":9,"versions":481},"Maven","org.apache.cxf:apache-cxf","org.apache.cxf","apache-cxf","maven",[482,485],{"version":483,"is_range":463,"range_type":484,"version_start":9,"version_start_type":9,"version_end":467,"version_end_type":472,"fixed_in":9},"lt3_2_12","ecosystem",{"version":486,"is_range":463,"range_type":484,"version_start":470,"version_start_type":466,"version_end":471,"version_end_type":472,"fixed_in":9},"gte3_3_0_lt3_3_5",{"ecosystem":476,"name":488,"vendor":478,"product":457,"cpe_part":9,"purl_type":480,"purl_namespace":478,"purl_name":457,"source":9,"versions":489},"org.apache.cxf:cxf",[490,491],{"version":483,"is_range":463,"range_type":484,"version_start":9,"version_start_type":9,"version_end":467,"version_end_type":472,"fixed_in":9},{"version":486,"is_range":463,"range_type":484,"version_start":470,"version_start_type":466,"version_end":471,"version_end_type":472,"fixed_in":9},{"ecosystem":9,"name":493,"vendor":494,"product":495,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":496},"commerce guided 
search","oracle","commerce_guided_search",[497],{"version":498,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.3.2",{"ecosystem":9,"name":500,"vendor":494,"product":501,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":502},"communications element manager","communications_element_manager",[503,505,507],{"version":504,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.1.1",{"version":506,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.2.0",{"version":508,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.2.1",{"ecosystem":9,"name":510,"vendor":494,"product":511,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":512},"communications session report manager","communications_session_report_manager",[513,514,515],{"version":504,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":506,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":508,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":517,"vendor":494,"product":518,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":519},"communications session route 
manager","communications_session_route_manager",[520,521,522],{"version":504,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":506,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":508,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":524,"vendor":494,"product":525,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":526},"flexcube private banking","flexcube_private_banking",[527,529],{"version":528,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0.0",{"version":530,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.1.0",{"ecosystem":9,"name":532,"vendor":494,"product":533,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":534},"retail order broker","retail_order_broker",[535],{"version":536,"is_range":67,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0"]