CVE-2009-0026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.apache.jackrabbit/jackrabbit

Identifiers

GHSA-6fxv-38xc-h866, CVE-2009-0026

Package Slug

maven/org.apache.jackrabbit/jackrabbit

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

Affected Versions

All versions before 1.5.2

Solution

Upgrade to version 1.5.2 or above.

Last Modified

2023-02-03

source