GHSA-v6x2-4q87-rf82
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v6x2-4q87-rf82
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-v6x2-4q87-rf82/GHSA-v6x2-4q87-rf82.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v6x2-4q87-rf82
- Aliases
- Published
- 2025-11-27T12:30:29Z
- Modified
- 2026-04-14T22:16:35.425547Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Apache SkyWalking has a stored XSS vulnerability
- Details
-
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.
This issue affects Apache SkyWalking versions <= 10.2.0.
Users are recommended to upgrade to version 10.3.0, which fixes the issue. Version 10.3.0 has not been uploaded to the Maven registry at time of publish, please see release notes for download instructions.
- Database specific
{ "cwe_ids": [ "CWE-80" ], "severity": "MODERATE", "github_reviewed": true, "nvd_published_at": "2025-11-27T12:15:47Z", "github_reviewed_at": "2025-12-05T21:46:59Z" }- References
Affected packages
Maven / org.apache.skywalking:apm-webapp
Package
- Name
- org.apache.skywalking:apm-webapp
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.skywalking/apm-webapp
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected10.1.0
Affected versions
5.*
5.0.0-alpha
5.0.0-beta
5.0.0-beta2
5.0.0-RC2
5.0.0-GA
6.*
6.0.0-alpha
6.0.0-beta
6.0.0-GA
6.1.0
6.2.0
6.3.0
6.4.0
6.5.0
6.6.0
7.*
7.0.0
8.*
8.0.0
8.0.1
8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.8.0
8.8.1
8.9.0
8.9.1
9.*
9.0.0
9.1.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
10.*
10.0.1
10.1.0