Cross-Site Scripting Vulnerabilities in Apache Jetspeed by Apache
CVE-2016-0711

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Jetspeed
Vendor: CVE Published:; 11 April 2016

Summary

Multiple cross-site scripting vulnerabilities in Apache Jetspeed prior to version 2.3.1 enable remote attackers to insert arbitrary web scripts or HTML. This vulnerability arises through the title parameter when adding new resources, such as links, pages, or folders, potentially leading to unauthorized actions and information disclosure.

References

https://mail-archives.apache.org/mod_mbox/portals-jetspee...

mailing-listx_refsource_MLIST

https://portals.apache.org/jetspeed-2/security-reports.ht...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 11, 2016
Vulnerability Reserved
Dec 16, 2015