CVE-2009-0026

Name of the Vulnerable Software and Affected Versions Apache Jackrabbit versions prior to 1.5.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the q parameter to specific API endpoints, such as "search.jsp" or "swr.jsp".

Recommendations For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "search.jsp" and "swr.jsp" endpoints to minimize the risk of exploitation. Avoid using the q parameter in these affected endpoints until the issue is resolved.