84 matches found
EUVD-2016-0744
Malware in sbrugna...
EUVD-2022-4165
Malicious code in bioql PyPI...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
Apache Jetspeed-2 Input Validation Error Vulnerability
Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...
Cross-site Scripting (XSS)
jetspeed-portal is vulnerable to cross-site scripting. The vulnerability exists because the library does not properly filter the untrusted user inputs by default, allowing an attacker to inject and execute malicious javascript...
org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:applications (>=2.1.3 <=2.1.4) +35 more potentially affected by CVE-2022-32533 via org.apache.portals.jetspeed-2:jetspeed-commons (>=2.1.3 <=2.3.1)
org.apache.portals.jetspeed-2:jetspeed-commons MAVEN version =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.2.1, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =2.3.1 and more Source cves: CVE-2022-32533 Source advisory: OSV:GHSA-H975-R69H-4W9P...
GHSA-H975-R69H-4W9P Insufficient user input in Apache Jetspeed-2
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
Insufficient user input in Apache Jetspeed-2
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
CVE-2022-32533 Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
CVE-2022-32533 Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
CVE-2022-32533
CVE-2022-32533 affects Apache Jetspeed-2. The connected Red Hat, CNVD, PRION, CVE lists describe an input-validation flaw where untrusted input is not sufficiently filtered by default, enabling XSS, CSRF, SSRF and XXE-type issues. A mitigation mentioned across sources is to enable xss.filter.post...
Apache Jetspeed-2 安全漏洞
Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...
PT-2022-21354 · Apache · Apache Jetspeed-2
Name of the Vulnerable Software and Affected Versions: Apache Jetspeed-2 affected versions not specified Description: The issue arises from insufficient filtering of untrusted user input by default, leading to problems such as XSS, CSRF, XXE, and SSRF. Setting the configuration option...
org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:jetspeed-archetype (>=2.2.1 <=2.3.0) +1 more potentially affected by CVE-2016-0710 via org.apache.portals.jetspeed-2:jetspeed (>=2.1.3 <=2.3.0)
org.apache.portals.jetspeed-2:jetspeed MAVEN version =2.1.3, =2.1.3, =2.2.1, =2.2.2, =2.3.0 Source cves: CVE-2016-0710 Source advisory: OSV:GHSA-88F6-79X2-XQF3...
org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:jetspeed-archetype (>=2.2.1 <=2.3.0) +1 more potentially affected by CVE-2016-0709 via org.apache.portals.jetspeed-2:jetspeed (>=2.1.3 <=2.3.0)
org.apache.portals.jetspeed-2:jetspeed MAVEN version =2.1.3, =2.1.3, =2.2.1, =2.2.2, =2.3.0 Source cves: CVE-2016-0709 Source advisory: OSV:GHSA-W47P-5Q88-HJ5G...
GHSA-W47P-5Q88-HJ5G Path Traversal in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. dot dot in a ZIP archive entry, as demonstrated by...