Description

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2020-2321 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin

CVE-2020-2098 Vulnerability in maven package org.jenkins-ci.plugins:sounds

CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap-sass

CVE-2020-11022 Vulnerability in npm package jquery

CVE-2020-27217 Vulnerability in maven package org.eclipse.hono:hono-bom

Severity

High

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Not Applicable Vendor Advisory