CVE-2022-32533

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.apache.portals.jetspeed-2/jetspeed-commons

Identifiers

GHSA-h975-r69h-4w9p, CVE-2022-32533

Package Slug

maven/org.apache.portals.jetspeed-2/jetspeed-commons

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

Affected Versions

All versions up to 2.3.1

Solution

Unfortunately, there is no solution as this project has been deprecated.

Last Modified

2022-07-25

source