Vulnerability Details CVE-2016-0711
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C73AC0763-D44B-4BDF-867C-05AD4674A62F%40bluesunrise.com%3E
- https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0711
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C73AC0763-D44B-4BDF-867C-05AD4674A62F%40bluesunrise.com%3E
- https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0711
Products affected by CVE-2016-0711
-
cpe:2.3:a:apache:jetspeed:2.2.0
-
cpe:2.3:a:apache:jetspeed:2.2.1
-
cpe:2.3:a:apache:jetspeed:2.2.2
-
cpe:2.3:a:apache:jetspeed:2.3.0