84 matches found
EUVD-2016-0744
Malware in sbrugna...
EUVD-2022-4165
Malicious code in bioql PyPI...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
Apache Jetspeed-2 Input Validation Error Vulnerability
Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...
Cross-site Scripting (XSS)
jetspeed-portal is vulnerable to cross-site scripting. The vulnerability exists because the library does not properly filter untrusted user input by default, allowing an attacker to inject and execute malicious JavaScript...
GHSA-H975-R69H-4W9P Insufficient user input in Apache Jetspeed-2
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
Insufficient user input in Apache Jetspeed-2
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:applications (>=2.1.3 <=2.1.4) +35 more potentially affected by CVE-2022-32533 via org.apache.portals.jetspeed-2:jetspeed-commons (>=2.1.3 <=2.3.1)
org.apache.portals.jetspeed-2:jetspeed-commons MAVEN version =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.2.1, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.3.1 and more Source cves: CVE-2022-32533 Source advisory: OSV:GHSA-H975-R69H-4W9P...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
CVE-2022-32533 Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
CVE-2022-32533
CVE-2022-32533 affects Apache Jetspeed-2. The connected Red Hat, CNVD, PRION, CVE lists describe an input-validation flaw where untrusted input is not sufficiently filtered by default, enabling XSS, CSRF, SSRF and XXE-type issues. A mitigation mentioned across sources is to enable xss.filter.post...
CVE-2022-32533 Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
PT-2022-21354 · Apache · Apache Jetspeed-2
Name of the Vulnerable Software and Affected Versions: Apache Jetspeed-2 (affected versions not specified). Description: The issue arises from insufficient filtering of untrusted user input by default, leading to problems such as XSS, CSRF, XXE, and SSRF. Setting the configuration option...
Apache Jetspeed-2 Security Vulnerability
Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...
GHSA-W47P-5Q88-HJ5G Path Traversal in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...
Apache Jetspeed vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...
GHSA-5PGM-9G57-3WC7 Apache Jetspeed vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...