Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues
Vulnerability Description
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Apache Jetspeed-2 安全漏洞
Vulnerability Description
Apache Jetspeed-2是美国阿帕奇(Apache)基金会的一个非常开放和可定制的门户平台。 Apache Jetspeed-2 存在安全漏洞,该漏洞源于Apache Jetspeed-2 在默认情况下没有充分过滤不受信任的用户输入,从而导致一些问题,包括XSS、CSRF、XXE和SSRF。设置配置选项 "xss.filter.post = true "可以缓解这些问题。注意:Apache Jetspeed是Apache Portals的一个休眠项目,将不会为这个问题提供更新。
CVSS Information
N/A
Vulnerability Type
N/A