Lucene search
Veracode Vulnerability DatabaseVERACODE:7714HistoryNov 09, 2018 - 3:04 a.m.
Cross-Site Scripting (XSS)
2018-11-0903:04:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.018 Low
EPSS
Percentile
88.0%
Jackrabbit Web Application is susceptible to cross-site scripting (XSS) attack. The attack exists because it does not escape the q parameter to (1) search.jsp or (2) swr.jsp.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jackrabbit web application | le | 1.5.0 | |
| jackrabbit web application | le | 1.5.0 |
References
secunia.com/advisories/33576
securityreason.com/securityalert/4942
www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt
www.securityfocus.com/archive/1/500196/100/0/threaded
www.securityfocus.com/bid/33360
www.vupen.com/english/advisories/2009/0177
access.redhat.com/security/cve/CVE-2009-0026
bugzilla.redhat.com/show_bug.cgi?id=481126
exchange.xforce.ibmcloud.com/vulnerabilities/48110
issues.apache.org/jira/browse/JCR-1925
Related
seebug
seebug
Apache Jackrabbit q参数跨站脚本漏洞
2009-02-02 00:00:00
github
github
Apache Jackrabbit contains Cross-site Scripting
2022-05-02 03:12:28
cvelist
cvelist
CVE-2009-0026
2009-01-21 20:00:00
nessus
nessus
Apache Jackrabbit 'q' Parameter XSS
2009-01-23 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-01-20 00:00:00
[Full-disclosure] [ANNOUNCE] Apache Jackrabbit 1.5.2 released
2009-01-20 00:00:00
prion
prion
Cross site scripting
2009-01-21 20:30:00
cve
cve
CVE-2009-0026
2009-01-21 20:30:00
osv
osv
Apache Jackrabbit contains Cross-site Scripting
2022-05-02 03:12:28
nvd
nvd
CVE-2009-0026
2009-01-21 20:30:00