VYPR

Jackrabbit

by Apache

Source repositories

CVEs (3)

  • CVE-2025-53689Jul 14, 2025
    risk 0.00cvss epss 0.00

    Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta…

  • CVE-2015-1833May 29, 2015
    risk 0.00cvss epss 0.51

    XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a…

  • CVE-2009-0026Jan 21, 2009
    risk 0.00cvss epss 0.22

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.