CVE-2022-28090

Name of the Vulnerable Software and Affected Versions Jspxcms version 10.2.0

Description The issue allows attackers to execute a Server-Side Request Forgery (SSRF) via the API endpoint "/cmscp/ext/collect/fetch url.do" with the url parameter. This can potentially lead to unauthorized access to internal resources.

Recommendations For Jspxcms version 10.2.0, as a temporary workaround, consider restricting access to the "/cmscp/ext/collect/fetch url.do" API endpoint to minimize the risk of exploitation. Avoid using the url parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.