Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 06 Jul 2022 09:35:31 +0000
From: "Mark J. Cox" <>
Subject: CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE

Severity: moderate


** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF.  Setting the configuration option " = true" may mitigate these issues.

NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.  


Thanks to RunningSnail for reporting.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.