GHSA-6fxv-38xc-h866, CVE-2009-0026
maven/org.apache.jackrabbit/jackrabbit
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
All versions before 1.5.2
Upgrade to version 1.5.2 or above.
2023-02-03
source |