Moderate severity · NVD Advisory · Published Jan 21, 2009 · Updated Jun 16, 2026
CVE-2009-0026
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.jackrabbit:jackrabbit (Maven) | < 1.5.2 | 1.5.2 |
Affected products
- cpe:2.3:a:apache:jackrabbit:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:jackrabbit:1.5.0:*:*:*:*:*:*:*
References
- www.securityfocus.com/bid/33360 (nvd: Exploit)
- issues.apache.org/jira/browse/JCR-1925 (nvd: Exploit, Vendor Advisory, WEB)
- secunia.com/advisories/33576 (nvd: Vendor Advisory)
- github.com/advisories/GHSA-6fxv-38xc-h866 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2009-0026 (ghsa: ADVISORY)
- access.redhat.com/security/cve/CVE-2009-0026 (ghsa: WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa: WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/48110 (nvd: WEB)
- github.com/apache/jackrabbit/commit/36330ae8df40ceaddf9f3f95b8d4855b54921579 (ghsa: WEB)
- github.com/apache/jackrabbit/commit/fbdcc02bc35db1d23b527da7bc411087ef29bf1f (ghsa: WEB)
- www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt (ghsa: WEB)
- www.vupen.com/english/advisories/2009/0177 (ghsa: WEB)
- securityreason.com/securityalert/4942 (nvd)
- www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt (nvd)
- www.securityfocus.com/archive/1/500196/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2009/0177 (nvd)