Jukka Zitting

**Name of the Vulnerable Software and Affected Versions** Apache Jackrabbit versions prior to 1.5.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the `q` parameter to specific API endpoints, such as "search.jsp" or "swr.jsp". **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "search.jsp" and "swr.jsp" endpoints to minimize the risk of exploitation. Avoid using the `q` parameter in these affected endpoints until the issue is resolved.