CVE-2016-0712

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:jetspeed:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:42

Type Values Removed Values Added
References () https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CF868DBFC-A05C-4ABB-8B91-17CA54C174B9%40bluesunrise.com%3E - () https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CF868DBFC-A05C-4ABB-8B91-17CA54C174B9%40bluesunrise.com%3E -
References () https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0712 - Exploit, Vendor Advisory () https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0712 - Exploit, Vendor Advisory

07 Nov 2023, 02:29

Type Values Removed Values Added
References
  • {'url': 'https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CF868DBFC-A05C-4ABB-8B91-17CA54C174B9@bluesunrise.com%3E', 'name': '[portals-jetspeed-user] 20160303 [CVE-2016-0712] Apache Jetspeed information disclosure vulnerability', 'tags': ['Exploit'], 'refsource': 'MLIST'}
  • () https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CF868DBFC-A05C-4ABB-8B91-17CA54C174B9%40bluesunrise.com%3E -

Information

Published : 2016-04-11 14:59

Updated : 2024-11-21 02:42


NVD link : CVE-2016-0712

Mitre link : CVE-2016-0712

CVE.ORG link : CVE-2016-0712


JSON object : View

Products Affected

apache

  • jetspeed
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')