Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-40369 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Description

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/08/03/3

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369

https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh

Related Vulnerabilities

CVE-2019-10808 Vulnerability in npm package utilitify

CVE-2020-28423 Vulnerability in npm package monorepo-build

CVE-2019-16728 Vulnerability in maven package org.webjars.bower:dompurify

CVE-2015-8855 Vulnerability in maven package org.webjars.bower:semver

CVE-2020-11007 Vulnerability in maven package com.shopizer:sm-core-model

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory