kartheekd203042
12-07-2018
Hi Experts,
Can anyone help me understand the purpose of the below servlet and what it is used for?
http://localhost:4502/libs/cq/contentinsight/proxy/reportingservices.json.GET.servlet.a.23.css
Our team reported a vulnerability: using this servlet, they can perform SSRF attacks and reach the publisher, bypassing the dispatcher.
Restricting it is an immediate measure we have taken, but we would like to understand the impact of restricting it at the dispatcher.
Any inputs or links referring to the original documentation would be of great help.
Regards
Kartheek
01-08-2018
Thanks.
Can you please share the appropriate hotfix/patch package for AEM version 6.3.1.2?