[MAVEN:GHSA-6FXV-38XC-H866] Apache Jackrabbit contains Cross-site Scripting

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

Package	Affected Version
pkg:maven/org.apache.jackrabbit/jackrabbit	< 1.5.2

Package	Fixed Version
pkg:maven/org.apache.jackrabbit/jackrabbit	= 1.5.2

ID: MAVEN:GHSA-6FXV-38XC-H866
Severity: moderate
URL: https://github.com/advisories/GHSA-6fxv-38xc-h866
Published: 2022-05-02T03:12:28
(2 years ago)
Modified: 2023-02-13T17:52:02
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2009-0026
			https://issues.apache.org/jira/browse/JCR-1925
			https://github.com/apache/jackrabbit/commit/36330ae8df40ceaddf9f3f95b8d4855b54921579
			https://github.com/apache/jackrabbit/commit/fbdcc02bc35db1d23b527da7bc411087ef29bf1f
			https://access.redhat.com/security/cve/CVE-2009-0026
			https://bugzilla.redhat.com/show_bug.cgi?id=481126
			https://exchange.xforce.ibmcloud.com/vulnerabilities/48110
			https://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt
			https://www.vupen.com/english/advisories/2009/0177
			https://github.com/advisories/GHSA-6fxv-38xc-h866

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.jackrabbit/jackrabbit	org.apache.jackrabbit	jackrabbit	< 1.5.2
Fixed	pkg:maven/org.apache.jackrabbit/jackrabbit	org.apache.jackrabbit	jackrabbit	= 1.5.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date