Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

**Details**

*   **Type: ** Bug
    
*   **Status:** Resolved
    
*   **Priority: ** Major
    
*   **Resolution:** Fixed
    
*   **Affects Version/s:** None
    
*   **Fix Version/s:** None
    
*   **Component/s:** None
    
*   **Labels:**
    
    None
    

**Description**

I built the trunk and can confirm the fix. See below:

r1831943 | veithen | 2018-05-20 14:10:32 -0600 (Sun, 20 May 2018) | 1 line

Correctly escape namespace URIs in namespace declarations.

Trunk link with maven builds:

https://travis-ci.org/apache/axis1-java 

**Attachments**

**Activity**

Tag

#maven