8 matches found

RedhatCVE
added 2025/05/23 12:52 a.m. | 6 views

CVE-2022-32533

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...

9.8 CVSS | 6.8 AI score | 0.09228 EPSS
Exploits 0 | References 1
CNVD
added 2022/07/08 12:0 a.m. | 18 views

Apache Jetspeed-2 Input Validation Error Vulnerability

Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...

9.8 CVSS | 9.3 AI score | 0.09228 EPSS
Exploits 0 | References 1
OSV
added 2022/07/07 12:0 a.m. | 1 views

GHSA-H975-R69H-4W9P Insufficient user input in Apache Jetspeed-2

UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...

9.8 CVSS | 5.9 AI score | 0.09228 EPSS
Exploits 0 | References 4
Github Security Blog
added 2022/07/07 12:0 a.m. | 23 views

Insufficient user input in Apache Jetspeed-2

UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...

9.8 CVSS | 9 AI score | 0.09228 EPSS
Exploits 0 | References 5 | Affected Software 1
NVD
added 2022/07/06 10:15 a.m. | 13 views

CVE-2022-32533

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...

9.8 CVSS | 0.09228 EPSS
Exploits 0 | References 3
Prion
added 2022/07/06 10:15 a.m. | 10 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...

7.5 CVSS | 9.4 AI score | 0.09228 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2022/07/06 9:40 a.m. | 93 views

CVE-2022-32533

CVE-2022-32533 affects Apache Jetspeed-2. The connected Red Hat, CNVD, PRION, CVE lists describe an input-validation flaw where untrusted input is not sufficiently filtered by default, enabling XSS, CSRF, SSRF and XXE-type issues. A mitigation mentioned across sources is to enable xss.filter.post...

9.8 CVSS | 9.5 AI score | 0.09228 EPSS
Exploits 0 | References 3 | Affected Software 1
Check Point Advisories
added 2016/06/16 12:0 a.m. | 1 views

Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)

A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...

4.3 CVSS | 6.4 AI score | 0.02552 EPSS
Exploits 1