Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option xss.filter.post = true may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jetspeed | Apache | 2.2.0 (including) | * |