481126 – (CVE-2009-0026) CVE-2009-0026 JackRabbit XSS in examples

Bug 481126 (CVE-2009-0026) - CVE-2009-0026 JackRabbit XSS in examples

Summary: CVE-2009-0026 JackRabbit XSS in examples

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2009-0026
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-01-22 09:39 UTC by Marc Schoenefeld
Modified:	2019-09-29 12:28 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-08-21 22:49:54 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marc Schoenefeld 2009-01-22 09:39:42 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Apache
Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web
script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.


Fixed in version 1.5.2: 
http://www.securityfocus.com/archive/1/archive/1/500196/100/0/threaded

Details: 
https://issues.apache.org/jira/browse/JCR-1925

Comment 1 Vincent Danen 2015-08-21 22:49:54 UTC

We do not ship anything with this old version anymore.

Note You need to log in before you can comment on or make changes to this bug.