Apache Jetspeed Portal URI Path Reflected XSS
Medium Nessus Plugin ID 90247
Synopsis
The remote host is affected by a cross-site scripting vulnerability.
Description
The Apache Jetspeed application running on the remote host is affected by a reflected cross-site scripting (XSS) vulnerability in the /portal script due to improper validation of URI path input before it is returned to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Note that Apache Jetspeed is reported to be affected by other vulnerabilities as well; however, Nessus has not tested for these.
Solution
Upgrade to Apache Jetspeed version 2.3.1 when it becomes available.