GHSA-6fxv-38xc-h866
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6fxv-38xc-h866
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6fxv-38xc-h866/GHSA-6fxv-38xc-h866.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6fxv-38xc-h866
- Aliases
-
- CVE-2009-0026
- Published
- 2022-05-02T03:12:28Z
- Modified
- 2024-12-08T05:30:04.137963Z
- Summary
- Apache Jackrabbit contains Cross-site Scripting
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
- Database specific
{ "nvd_published_at": "2009-01-21T20:30:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-02-03T00:19:58Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2009-0026
- https://github.com/apache/jackrabbit/commit/36330ae8df40ceaddf9f3f95b8d4855b54921579
- https://github.com/apache/jackrabbit/commit/fbdcc02bc35db1d23b527da7bc411087ef29bf1f
- https://access.redhat.com/security/cve/CVE-2009-0026
- https://bugzilla.redhat.com/show_bug.cgi?id=481126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48110
- https://issues.apache.org/jira/browse/JCR-1925
- https://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt
- https://www.vupen.com/english/advisories/2009/0177
Affected packages
Maven / org.apache.jackrabbit:jackrabbit
Package
- Name
- org.apache.jackrabbit:jackrabbit
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.jackrabbit/jackrabbit