Apache HTTP Server Cross-Site Scripting (XSS) in mod_lua Module

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Cross-Site Scripting (XSS) in mod_lua Module

MINI-293x-r324-23qp

Summary

Apache HTTP Server's mod_lua module has a vulnerability that allows an attacker to inject malicious code into web pages, potentially allowing them to steal user data or take control of a user's session. This affects web applications using the mod_lua module. To address this issue, update your Apache HTTP Server to the latest version.

What to do

Update opentelemetry-operator-fips to version 0.146.0-r0.
Update opentelemetry-operator-fips-compat to version 0.146.0-r0.
Update opentelemetry-operator-fips-otel-allocator to version 0.146.0-r0.
Update opentelemetry-operator-fips-otel-allocator-compat to version 0.146.0-r0.

Affected software

Vendor	Product	Affected versions	Fix available
–	opentelemetry-operator-fips	<= 0.146.0-r0	0.146.0-r0
–	opentelemetry-operator-fips-compat	<= 0.146.0-r0	0.146.0-r0
–	opentelemetry-operator-fips-otel-allocator	<= 0.146.0-r0	0.146.0-r0
–	opentelemetry-operator-fips-otel-allocator-compat	<= 0.146.0-r0	0.146.0-r0

Original title

MINI-293x-r324-23qp

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026