CVE-2016-0711

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Jetspeed
Vendor: CVE Published:; 11 April 2016

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.

References

https://mail-archives.apache.org/mod_mbox/portals-jetspee...

mailing-listx_refsource_MLIST

https://portals.apache.org/jetspeed-2/security-reports.ht...

x_refsource_CONFIRM

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 11, 2016
Vulnerability Reserved
Dec 16, 2015