Shodan
Maps
Images
Monitor
Developer
More...
Dashboard
View Api Docs
Vulnerabilities
By Date
Known Exploited
Advanced Search
Vulnerable Software
Vendors
Products
Vulnerability Details CVE-2016-0712
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
Exploit prediction scoring system (EPSS) score
EPSS Score
0.026
EPSS Ranking
84.9%
CVSS Severity
CVSS v3 Score
6.1
CVSS v2 Score
4.3
References
https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CF868DBFC-A05C-4ABB-8B91-17CA54C174B9%40bluesunrise.com%3E
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0712
https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CF868DBFC-A05C-4ABB-8B91-17CA54C174B9%40bluesunrise.com%3E
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0712
Products affected by CVE-2016-0712
Apache
»
Jetspeed
»
Version:
2.2.0
cpe:2.3:a:apache:jetspeed:2.2.0
Apache
»
Jetspeed
»
Version:
2.2.1
cpe:2.3:a:apache:jetspeed:2.2.1
Apache
»
Jetspeed
»
Version:
2.2.2
cpe:2.3:a:apache:jetspeed:2.2.2
Apache
»
Jetspeed
»
Version:
2.3.0
cpe:2.3:a:apache:jetspeed:2.3.0
Products
Monitor
Search Engine
Developer API
Maps
Bulk Data
Images
Snippets
Pricing
Membership
API Subscriptions
Enterprise
Contact Us
support@shodan.io
Shodan ® - All rights reserved