PT-2022-21354 · Apache · Apache Jetspeed-2

Runningsnail +1 · Published 2022-07-06 · Updated 2024-08-03 · CVE-2022-32533

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Jetspeed-2 (affected versions not specified)

Description

The issue arises from insufficient filtering of untrusted user input by default, leading to problems such as XSS, CSRF, XXE, and SSRF. Setting the configuration option xss.filter.post = true may help mitigate these issues. It's noted that Apache Jetspeed is a dormant project of Apache Portals, and no updates will be provided for this issue.

Recommendations

As a temporary workaround, consider setting the configuration option xss.filter.post = true to mitigate the issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF · XSS · CSRF · XXE

Weakness Enumeration

Related Identifiers

CVE-2022-32533
GHSA-H975-R69H-4W9P

Affected Products

Apache Jetspeed-2