VYPR

Maven package

org.apache.portals.jetspeed-2/jetspeed-commons

pkg:maven/org.apache.portals.jetspeed-2/jetspeed-commons

Vulnerabilities (2)

  • CVE-2022-32533Jul 6, 2022
    affected <= 2.3.1

    Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apac

  • CVE-2016-0711MedApr 11, 2016
    affected < 2.3.1fixed 2.3.1

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.