Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0026

Severity
4.3 MEDIUM
EPSS
40.1%
top 2.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 21
Latest update: May 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: apache/jackrabbit 1.4, 1.5.0 +1

Vulnerability Details (3)

GHSA
Apache Jackrabbit contains Cross-site Scripting (2022-05-02)
OSV
Apache Jackrabbit contains Cross-site Scripting (2022-05-02)
CVEList
CVE-2009-0026: Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1 (2009-01-21)

Exploits & PoCs (2)

Exploit-DB
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'swr.jsp?q' Cross-Site Scripting (2009-01-20)
Exploit-DB
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'search.jsp?q' Cross-Site Scripting (2009-01-20)

Vendor Advisories (1)

Red Hat
JackRabbit XSS in examples (2009-01-20)

Community (2)

Bugzilla
Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases (2009-12-06)
Bugzilla
CVE-2009-0026 JackRabbit XSS in examples (2009-01-22)
CVE-2009-0026 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io