Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option “xss.filter.post = true” may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue
[
{
"product": "Apache Portals",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Jetspeed 2.3.1"
}
]
}
]