84 matches found
Apache Jetspeed vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a 1 link, 2 page, or 3 folder resource...
Apache Jetspeed vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...
Path Traversal in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. dot dot in a ZIP archive entry, as demonstrated by...
GHSA-88F6-79X2-XQF3 Apache Jetspeed vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...
GHSA-5PGM-9G57-3WC7 Apache Jetspeed vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a 1 link, 2 page, or 3 folder resource...
GHSA-W47P-5Q88-HJ5G Path Traversal in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. dot dot in a ZIP archive entry, as demonstrated by...
GHSA-HJ2V-85PH-8G48 Cross-site Scripting in Apache Jetspeed
Cross-site scripting XSS vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...
org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:jetspeed-archetype (>=2.2.1 <=2.3.0) +1 more potentially affected by CVE-2016-0712 via org.apache.portals.jetspeed-2:jetspeed (>=2.1.3 <=2.3.0)
org.apache.portals.jetspeed-2:jetspeed MAVEN version =2.1.3, =2.1.3, =2.2.1, =2.2.2, =2.3.0 Source cves: CVE-2016-0712 Source advisory: OSV:GHSA-HJ2V-85PH-8G48...
Cross-site Scripting in Apache Jetspeed
Cross-site scripting XSS vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...
JetSpeed PDF Editor is vulnerable to dll hijacking.
JetSpeed PDF Editor is a PDF editing software. JetSpeed PDF Editor has a dll hijacking vulnerability. An attacker can exploit the vulnerability to execute malicious code...
Command Execution Vulnerability in JetSpeed OCR Text Recognition Software
JetSpeed OCR text recognition software is an image and text recognition software with high recognition rate, with batch processing and high-speed recognition; the software supports multi-language recognition, support for a variety of file formats such as: JPG, GIF, PNG, BMP, TIF, PDF files and...
Security Bulletin: Multiple Security Vulnerabilities in Jetspeed Affect IBM Sterling B2B Integrator
Summary There are multiple security vulnerabilities in Jetspeed that affect IBM Sterling B2B Integrator Vulnerability Details CVEID: CVE-2016-0711 DESCRIPTION: Apache Jetspeed is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the add a link, page, or...
Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)
A cross-site scripting vulnerability exists in Apache Jetspeed. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser...
Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)
A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...
Apache Jetspeed Privilege Escalation
A privilege escalation vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Apache Jetspeed SQL Injection (CVE-2016-0710)
An SQL injection vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Apache Jetspeed Remote Code Execution (CVE-2016-0709)
A code execution vulnerability exists Apache Jetspeed. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Jetspeed User Manager Unauthorized Operation Vulnerability
Apache Jetspeed is the United States Apache Apache Software Foundation's use of Java and XML development of a set of open portal platforms and enterprise information portals. User Manager service is one of the user management services. An unauthorized operation vulnerability exists in the User...
CVE-2016-2171
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to 1 add, 2 edit, or 3 delete users via the REST API...
CVE-2016-2171
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to 1 add, 2 edit, or 3 delete users via the REST API...