Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage microservices and containers. Users can create Service Fabric clusters — these are the hardware resources where applications can be deployed — on premises or in the cloud. Service Fabric Explorer (SFX) is an open-source tool for inspecting and managing these clusters.
Researchers at cloud security company Orca discovered that SFX v1 is affected by a spoofing vulnerability. The issue, tracked as CVE-2022-35829 and named FabriXss by Orca, involves client-side template injection (CSTI) and stored cross-site scripting (XSS).