Filtered by vendor Apache
Subscriptions
Filtered by product Portals Jetspeed
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32533 | 1 Apache | 2 Jetspeed, Portals Jetspeed | 2024-11-21 | 9.8 Critical |
| Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue | ||||
Page 1 of 1.