-
Multiple deserialization vulnerabilities in FasterXML Jackson2 databind
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
XSS vulnerability in JSoup (CVE-2015-6748)
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
XSS vulnerability in CKEditor 'image2' plugin
26-04-2018
affects versions : 12.2, 12.1, 11.2
-
XXE vulnerability in Apache PDFBox (CVE-2016-2175)
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
Deserialization of Untrusted Data in Apache Tika (CVE-2016-6809)
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
Improper Input Validation in Apache Commons BeanUtils (CVE-2014-0114)
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
CSRF vulnerability in Apache Jackrabbit webdav module (CVE-2016-6801)
26-04-2018
affects versions : 11.2, 10.2
-
Multiple Vulnerabilities in Apache HTTP Components and Apache HTTP Client
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
XSS vulnerabilities in translation dialogs
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
XSS vulnerability in reporting dashboard via document names
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
XSS vulnerability in Dashboard via user IDs
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
XSS vulnerability in Channels list view via custom channel properties
26-04-2018
affects versions : 12.2, 11.2, 10.2
-
Possible XSS attack through external link in site menu items
23-03-2018
affects versions : 12.1, 12.0, 11.2, 10.2
-
Possible XSS attack using data: protocol in rich-text fields
23-03-2018
affects versions : 12.1, 12.0, 11.2, 10.2
-
Possible XSS attack using SVG image embedded JavaScript
23-03-2018
affects versions : 12.1, 12.0, 11.2, 10.2
-
Possible XSS attack through label on 404-page
23-03-2018
affects versions : 12.1, 12.0, 11.2, 10.2
-
CVE-2017-12624: DoS vulnerability in Apache CXF prior to versions 3.2.1, 3.1.14 and 3.0.16
26-01-2018
affects versions : 12.0, 11.2, 10.2
-
Unvalidated redirect used during authentication handshake between ChannelManager and Site
28-04-2017
affects versions : 11.1, 10.2, 7.9
-
Unvalidated access to CSS and JS resources
28-04-2017
affects versions : 11.1, 10.2, 7.9
-
XSS vulnerability in Hippo CMS Repository Servlet
03-11-2016
affects versions : 11.0, 10.2, 10.1, 10.0, 7.9
-
CMS preview channel session not immediately invalidated when CMS user logs out
31-10-2016
affects versions : 10.2, 10.1, 10.0, 7.9
-
CSRF vulnerability in Hippo CMS application
12-04-2016
affects versions : 10.2, 10.1, 10.0, 7.9, 7.8
-
XXE and XSS vulnerabilities in Hippo CMS application
29-01-2016
affects versions : 10.1, 10.0, 7.9, 7.8
-
Security Advisory Concerning Java Deserialization Vulnerability
18-11-2015
affects versions : N/A
-
Web File Resources Downloadable from the Browser
17-11-2015
affects versions : 10.1, 10.0