Cross-Site Scripting Vulnerabilities in Apache Jackrabbit
CVE-2009-0026

Currently unrated

Key Information:

Vendor

Apache
Status
Jackrabbit
Vendor
CVE Published:
21 January 2009

What is CVE-2009-0026?

Apache Jackrabbit, prior to version 1.5.2, is vulnerable to multiple cross-site scripting (XSS) issues. Remote attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML through the 'q' parameter in 'search.jsp' and 'swr.jsp'. This can lead to unauthorized actions being performed on behalf of users and exposure of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://securityreason.com/securityalert/4942
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/500196/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2...
x_refsource_CONFIRM

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.