[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues
From: "Mark J. Cox" <mjc () apache ! org>
Date: 2022-07-06 9:35:31
Message-ID: a7a38ea0-98f0-f98b-8608-ec6d84807238 () apache ! org
[Download RAW message or body]
Severity: moderate
Description:
** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user \
input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the \
configuration option "xss.filter.post = true" may mitigate these issues.
NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided \
for this issue.
Credit:
Thanks to RunningSnail for reporting.
References:
https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic