Apache Jetspeed
5 CVEs affecting Apache Jetspeed. Latest disclosed: 2016-04-11. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-0710 | High | 8.8 | 2016-04-11 | Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via… |
CVE-2016-2171 | High | 7.5 | 2016-04-11 | The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (… |
CVE-2016-0709 | High | 7.2 | 2016-04-11 | Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administ… |
CVE-2016-0712 | Medium | 6.1 | 2016-04-11 | Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to po… |
CVE-2016-0711 | Medium | 6.1 | 2016-04-11 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title… |