Lucene search
RootSSV:4686HistoryFeb 02, 2009 - 12:00 a.m.
Apache Jackrabbit q参数跨站脚本漏洞
2009-02-0200:00:00
Root
www.seebug.org
5
0.018 Low
EPSS
Percentile
86.6%
BUGTRAQ ID: 33360
CVE(CAN) ID: CVE-2009-0026
Apache Jackrabbit是一个完全遵守Java API版的内容存储规范(JCR)的实现。
Apache Jackrabbit的search.jsp和swr.jsp页面没有正确地过滤q参数便返回给了用户,这允许远程攻击者通过提交恶意请求执行跨站脚本攻击,在用户浏览器会话中执行任意HTML和脚本代码。
Apache Group Jackrabbit 1.5.0
Apache Group Jackrabbit 1.4
Apache Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://httpd.apache.org/” target=“_blank”>http://httpd.apache.org/</a>
http://www.example.com/search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/swr.jsp?q=%25&quot;&lt;script&gt;alert(1)&lt;/script&gt;&amp;swrnum=1
Related
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-09 03:04:23
github
github
Apache Jackrabbit contains Cross-site Scripting
2022-05-02 03:12:28
securityvulns
securityvulns
[Full-disclosure] [ANNOUNCE] Apache Jackrabbit 1.5.2 released
2009-01-20 00:00:00
prion
prion
Cross site scripting
2009-01-21 20:30:00
nessus
nessus
Apache Jackrabbit 'q' Parameter XSS
2009-01-23 00:00:00
osv
osv
Apache Jackrabbit contains Cross-site Scripting
2022-05-02 03:12:28
cve
cve
CVE-2009-0026
2009-01-21 20:30:00