Every CVE whose affected-product data names Apache Jetspeed, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-32533 — CVSS 9.8 (critical): Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and…
CVE-2016-0710 — CVSS 8.8 (high): Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute…
CVE-2016-2171 — CVSS 7.5 (high): The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote…
CVE-2016-0709 — CVSS 7.2 (high): Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote…
CVE-2016-0711 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script…
CVE-2016-0712 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via…