Vulnerabilities > Apache > Jetspeed

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-32533 Unspecified vulnerability in Apache Jetspeed
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF.
network
low complexity
apache
critical
9.8
2016-04-11 CVE-2016-2171 Permissions, Privileges, and Access Controls vulnerability in Apache Jetspeed
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
network
low complexity
apache CWE-264
7.5
2016-04-11 CVE-2016-0712 Cross-site Scripting vulnerability in Apache Jetspeed
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2016-0711 Cross-site Scripting vulnerability in Apache Jetspeed
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2016-0710 SQL Injection vulnerability in Apache Jetspeed
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
network
low complexity
apache CWE-89
8.8
2016-04-11 CVE-2016-0709 Path Traversal vulnerability in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a ..
network
low complexity
apache CWE-22
7.2