CVE-2022-32533
Published 2022-07-06
Critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default, leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | jetspeed | >= 2.2.0 | — |
| apache_software_foundation | apache_portals | — | — |