CVE-2016-0711

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:jetspeed:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:29

Type Values Removed Values Added
References
  • {'url': 'https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C73AC0763-D44B-4BDF-867C-05AD4674A62F@bluesunrise.com%3E', 'name': '[portals-jetspeed-user] 20160303 [CVE-2016-0711] Apache Jetspeed information disclosure vulnerability', 'tags': ['Exploit'], 'refsource': 'MLIST'}
  • () https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C73AC0763-D44B-4BDF-867C-05AD4674A62F%40bluesunrise.com%3E -

Information

Published : 2016-04-11 14:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-0711

Mitre link : CVE-2016-0711

CVE.ORG link : CVE-2016-0711


JSON object : View

Products Affected

apache

  • jetspeed
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')