'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_other:Apache Jetspeed PageManagementService Cross-Site Scripting(Rule ID:1070310023)

Release Date2025/9/15

Rule NameCVE-2016-0711: Apache Jetspeed PageManagementService Cross-Site Scripting Vulnerability

Severity:mid

CVE IDCVE-2016-0711

 

Descripiton

A cross-site scripting vulnerability has been reported in the PageManagementService.class of Apache Jetspeed 2. The vulnerability is due to insufficient validation of user-supplied input in functions responsible for adding certain objects. A remote, unauthenticated attacker could exploit this vulnerability by enticing an authenticated victim user to visit a crafted web site. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser. This rule supports to defend the A6: Vulnerable and Outdated Components and A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.