Cross-Site Scripting Vulnerabilities in Apache Jackrabbit
CVE-2009-0026

Currently unrated

Key Information:

Vendor: Apache
Status: Jackrabbit
Vendor: CVE Published:; 21 January 2009

Summary

Apache Jackrabbit, prior to version 1.5.2, is vulnerable to multiple cross-site scripting (XSS) issues. Remote attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML through the 'q' parameter in 'search.jsp' and 'swr.jsp'. This can lead to unauthorized actions being performed on behalf of users and exposure of sensitive data.

References

http://securityreason.com/securityalert/4942

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/500196/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2...

x_refsource_CONFIRM

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 21, 2009
Vulnerability Reserved
Dec 15, 2008