WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-27166 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Description

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2014-3574 Vulnerability in maven package org.apache.poi:poi-ooxml

CVE-2012-0022 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2021-32730 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui

CVE-2017-1000118 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.11

CVE-2023-29524 Vulnerability in maven package org.xwiki.platform:xwiki-platform-scheduler-ui

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory