CVE-2022-32533

Summary

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache PortalsJetspeed 2.3.1affected

Weaknesses

  • CWE-79: CWE-79: Cross-Site Scripting (XSS); CWE-352: Cross-Site Request Forgery (CSRF); CWE-918: Server-Side Request Forgery (SSRF); CWE-611: XML eXternal Entities (XXE)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References