Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. Camel empowers you to define routing and mediation rules in a variety of domain-specific languages, including a Java-based Fluent API, Spring or Blueprint XML Configuration files, and a Scala DSL.
Sow Ching Shiong, an independent vulnerability researcher has discovered multiple Cross-Site Scripting vulnerabilities in Apache Camel. These issues were discovered in a default installation of Apache Camel 2.7.0. Other earlier versions may also be affected.
Proof of concept
To trigger Permanent XSS:
Update to version 2.7.2 or later.
Vendor URL: https://issues.apache.org/jira/browse/CAMEL-3991
2011-05-06 - Vulnerabilities discovered.
2011-05-06 - Vulnerabilities reported to Secunia.
2011-05-06 - Secunia confirmed the vulnerabilities and contacted the vendor.
2011-05-19 - Patch released.
2011-05-19 - Advisory published by Apache.