Lucene search
K

84 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 3:56 a.m.9 views

Apache Jetspeed vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a 1 link, 2 page, or 3 folder resource...

6.1CVSS5.8AI score0.03065EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:56 a.m.11 views

Apache Jetspeed vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...

8.8CVSS8.7AI score0.52351EPSS
Exploits5References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:56 a.m.35 views

Path Traversal in Apache Jetspeed

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. dot dot in a ZIP archive entry, as demonstrated by...

9CVSS6.6AI score0.77495EPSS
Exploits5References8Affected Software1
OSV
OSV
added 2022/05/17 3:56 a.m.1 views

GHSA-88F6-79X2-XQF3 Apache Jetspeed vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...

8.8CVSS7.5AI score0.52351EPSS
Exploits5References8
OSV
OSV
added 2022/05/17 3:56 a.m.1 views

GHSA-5PGM-9G57-3WC7 Apache Jetspeed vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a 1 link, 2 page, or 3 folder resource...

6.1CVSS7.3AI score0.03065EPSS
Exploits1References4
OSV
OSV
added 2022/05/17 3:56 a.m.6 views

GHSA-W47P-5Q88-HJ5G Path Traversal in Apache Jetspeed

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. dot dot in a ZIP archive entry, as demonstrated by...

7.2CVSS7.3AI score0.77495EPSS
Exploits5References7
OSV
OSV
added 2022/05/17 3:56 a.m.7 views

GHSA-HJ2V-85PH-8G48 Cross-site Scripting in Apache Jetspeed

Cross-site scripting XSS vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...

6.1CVSS6AI score0.03203EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/05/17 3:56 a.m.5 views

org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:jetspeed-archetype (>=2.2.1 <=2.3.0) +1 more potentially affected by CVE-2016-0712 via org.apache.portals.jetspeed-2:jetspeed (>=2.1.3 <=2.3.0)

org.apache.portals.jetspeed-2:jetspeed MAVEN version =2.1.3, =2.1.3, =2.2.1, =2.2.2, =2.3.0 Source cves: CVE-2016-0712 Source advisory: OSV:GHSA-HJ2V-85PH-8G48...

6.1CVSS6.6AI score0.03203EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/17 3:56 a.m.30 views

Cross-site Scripting in Apache Jetspeed

Cross-site scripting XSS vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...

6.1CVSS4.2AI score0.03203EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2020/11/24 12:0 a.m.1 views

JetSpeed PDF Editor is vulnerable to dll hijacking.

JetSpeed PDF Editor is a PDF editing software. JetSpeed PDF Editor has a dll hijacking vulnerability. An attacker can exploit the vulnerability to execute malicious code...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/10/22 12:0 a.m.1 views

Command Execution Vulnerability in JetSpeed OCR Text Recognition Software

JetSpeed OCR text recognition software is an image and text recognition software with high recognition rate, with batch processing and high-speed recognition; the software supports multi-language recognition, support for a variety of file formats such as: JPG, GIF, PNG, BMP, TIF, PDF files and...

7.3AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.30 views

Security Bulletin: Multiple Security Vulnerabilities in Jetspeed Affect IBM Sterling B2B Integrator

Summary There are multiple security vulnerabilities in Jetspeed that affect IBM Sterling B2B Integrator Vulnerability Details CVEID: CVE-2016-0711 DESCRIPTION: Apache Jetspeed is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the add a link, page, or...

9CVSS0.7AI score0.77495EPSS
Exploits9Affected Software1
Check Point Advisories
Check Point Advisories
added 2016/06/16 12:0 a.m.20 views

Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)

A cross-site scripting vulnerability exists in Apache Jetspeed. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser...

4.3CVSS6.3AI score0.03065EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/06/16 12:0 a.m.24 views

Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)

A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...

4.3CVSS6.4AI score0.03203EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/04/19 12:0 a.m.2 views

Apache Jetspeed Privilege Escalation

A privilege escalation vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/18 12:0 a.m.31 views

Apache Jetspeed SQL Injection (CVE-2016-0710)

An SQL injection vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.1AI score0.52351EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2016/04/18 12:0 a.m.37 views

Apache Jetspeed Remote Code Execution (CVE-2016-0709)

A code execution vulnerability exists Apache Jetspeed. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.2AI score0.77495EPSS
Exploits5
CNVD
CNVD
added 2016/04/12 12:0 a.m.3 views

Apache Jetspeed User Manager Unauthorized Operation Vulnerability

Apache Jetspeed is the United States Apache Apache Software Foundation's use of Java and XML development of a set of open portal platforms and enterprise information portals. User Manager service is one of the user management services. An unauthorized operation vulnerability exists in the User...

7.5CVSS6.7AI score0.42673EPSS
Exploits0References1
OSV
OSV
added 2016/04/11 2:59 p.m.3 views

CVE-2016-2171

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to 1 add, 2 edit, or 3 delete users via the REST API...

7.5CVSS5.8AI score0.42673EPSS
Exploits0References3
NVD
NVD
added 2016/04/11 2:59 p.m.14 views

CVE-2016-2171

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to 1 add, 2 edit, or 3 delete users via the REST API...

7.5CVSS7.5AI score0.42673EPSS
Exploits0References3
Rows per page
Query Builder