CVE-2022-32533
CVE-2022-32533 affects Apache Jetspeed-2. The linked Red Hat, CNVD, PRION and CVE entries describe an input-validation flaw: untrusted input is not sufficiently filtered by default, enabling XSS, CSRF, SSRF and XXE-type issues. A mitigation mentioned across sources is to enable xss.filter.post...
CVE-2016-0709
CVE-2016-0709 is a directory traversal vulnerability in the Apache Jetspeed Portal Site Manager Import/Export function. An authenticated administrator could craft a ZIP archive containing dot-dot sequences to place arbitrary files (e.g., a JSP) on disk, enabling remote code execution. Affected ve...
CVE-2016-0710
CVE-2016-0710 is a SQL injection vulnerability in Apache Jetspeed's User Manager. The issue allows remote attackers to manipulate the back-end database by injecting SQL through the (1) role or (2) user parameter to services/usermanager/users/, before Jetspeed 2.3.1. Public references in the conne...
CVE-2016-0712
CVE-2016-0712 is a cross-site scripting (XSS) vulnerability in Apache Jetspeed, reported as exploitable via the URI path (PATH_INFO) when accessing Jetspeed portals (prior to 2.3.1). The core issue is improper validation of user-supplied input in the portal path, enabling remote attackers to inje...
CVE-2016-0711
Apache Jetspeed is vulnerable to cross-site scripting via the title field when adding a link, page, or folder, due to insufficient validation of user input. A remote attacker could inject scripts into pages viewed by users, potentially executing in the browser and, per the IBM advisory, may enable th...
CVE-2016-2171
CVE-2016-2171 affects Apache Jetspeed prior to 2.3.1, where the User Manager REST API fails to properly restrict access via Jetspeed Security. This allows a remote attacker to perform add, edit, or delete operations on users through the REST API. The IBM advisory consolidates multiple Jetspeed vu...