CVE-2016-0712: Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to…

medium6.1CVSS 3.0

AVNACLPRNUIRSCCLILAN

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.

Affected

1 ranges

Vendor	Product	Version range	Fixed in
apache	jetspeed	<= 2.3.0	—