84 matches found

OSV
added 2016/04/11 2:59 p.m. | 4 views

CVE-2016-0712

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...

CVSS 6.1 | AI score 5.9 | EPSS 0.03203
Exploits: 1 | References: 2

NVD
added 2016/04/11 2:59 p.m. | 16 views

CVE-2016-0712

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...

CVSS 6.1 | AI score 6 | EPSS 0.03203
Exploits: 1 | References: 2

OSV
added 2016/04/11 2:59 p.m. | 5 views

CVE-2016-0711

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...

CVSS 6.1 | AI score 5.8 | EPSS 0.03065
Exploits: 1 | References: 2

NVD
added 2016/04/11 2:59 p.m. | 17 views

CVE-2016-0711

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...

CVSS 6.1 | AI score 6.1 | EPSS 0.03065
Exploits: 1 | References: 2

OSV
added 2016/04/11 2:59 p.m. | 3 views

CVE-2016-0710

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...

CVSS 8.8 | AI score 6.1 | EPSS 0.52351
Exploits: 5 | References: 6

NVD
added 2016/04/11 2:59 p.m. | 12 views

CVE-2016-0710

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...

CVSS 8.8 | AI score 9.4 | EPSS 0.52351
Exploits: 5 | References: 6

OSV
added 2016/04/11 2:59 p.m. | 1 view

CVE-2016-0709

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...

CVSS 7.2 | AI score 6 | EPSS 0.77495
Exploits: 5 | References: 6

NVD
added 2016/04/11 2:59 p.m. | 24 views

CVE-2016-0709

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...

CVSS 9 | AI score 7.4 | EPSS 0.77495
Exploits: 5 | References: 6

Prion
added 2016/04/11 2:59 p.m. | 13 views

Directory traversal

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...

CVSS 9 | AI score 7.3 | EPSS 0.77495
Exploits: 5 | References: 6 | Affected Software: 1

Prion
added 2016/04/11 2:59 p.m. | 18 views

Sql injection

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...

CVSS 7.5 | AI score 9.1 | EPSS 0.52351
Exploits: 5 | References: 6 | Affected Software: 1

Prion
added 2016/04/11 2:59 p.m. | 7 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...

CVSS 4.3 | AI score 6 | EPSS 0.03203
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2016/04/11 2:59 p.m. | 12 views

Design/Logic Flaw

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...

CVSS 6.4 | AI score 7.2 | EPSS 0.42673
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2016/04/11 2:59 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...

CVSS 4.3 | AI score 6 | EPSS 0.03065
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2016/04/11 2:0 p.m. | 23 views

CVE-2016-0710

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...

AI score 9.4 | EPSS 0.52351
Exploits: 5 | References: 6

CVE
added 2016/04/11 2:0 p.m. | 39 views

CVE-2016-2171

CVE-2016-2171 affects Apache Jetspeed prior to 2.3.1, where the User Manager REST API fails to properly restrict access via Jetspeed Security. This allows a remote attacker to perform add, edit, or delete operations on users through the REST API. The IBM advisory consolidates multiple Jetspeed vu...

CVSS 7.5 | AI score 8.1 | EPSS 0.42673
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2016/04/11 2:0 p.m. | 21 views

CVE-2016-0709

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...

AI score 7.4 | EPSS 0.77495
Exploits: 5 | References: 6

Cvelist
added 2016/04/11 2:0 p.m. | 26 views

CVE-2016-0712

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...

AI score 6.2 | EPSS 0.03203
Exploits: 1 | References: 2

Cvelist
added 2016/04/11 2:0 p.m. | 20 views

CVE-2016-0711

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...

AI score 6.3 | EPSS 0.03065
Exploits: 1 | References: 2

EUVD
added 2016/04/11 2:0 p.m. | 5 views

EUVD-2016-3259

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...

CVSS 7.5 | AI score 7.7 | EPSS 0.42673
Exploits: 0 | References: 3

Cvelist
added 2016/04/11 2:0 p.m. | 18 views

CVE-2016-2171

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...

AI score 7.7 | EPSS 0.42673
Exploits: 0 | References: 3