60 matches found
EUVD-2016-0744
Malware in sbrugna...
EUVD-2022-4165
Malicious code in bioql PyPI...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
Apache Jetspeed-2 Input Validation Error Vulnerability
Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...
GHSA-H975-R69H-4W9P Insufficient user input in Apache Jetspeed-2
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
Insufficient user input in Apache Jetspeed-2
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
CVE-2022-32533
CVE-2022-32533 affects Apache Jetspeed-2. The connected Red Hat, CNVD, PRION, CVE lists describe an input-validation flaw where untrusted input is not sufficiently filtered by default, enabling XSS, CSRF, SSRF and XXE-type issues. A mitigation mentioned across sources is to enable xss.filter.post...
PT-2022-21354 · Apache · Apache Jetspeed-2
Name of the Vulnerable Software and Affected Versions: Apache Jetspeed-2 (affected versions not specified). Description: The issue arises from insufficient filtering of untrusted user input by default, leading to problems such as XSS, CSRF, XXE, and SSRF. Setting the configuration option...
Apache Jetspeed vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...
Apache Jetspeed vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...
Path Traversal in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...
GHSA-HJ2V-85PH-8G48 Cross-site Scripting in Apache Jetspeed
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...
Cross-site Scripting in Apache Jetspeed
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...
Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)
A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...
Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)
A cross-site scripting vulnerability exists in Apache Jetspeed. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser...
Apache Jetspeed Privilege Escalation
A privilege escalation vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Apache Jetspeed Remote Code Execution (CVE-2016-0709)
A code execution vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Jetspeed SQL Injection (CVE-2016-0710)
An SQL injection vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...