Description

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2016-4468 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

CVE-2023-24997 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2022-41931 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-ui

CVE-2022-34197 Vulnerability in maven package org.jenkins-ci.plugins:sauce-ondemand

CVE-2012-4534 Vulnerability in maven package org.apache.tomcat:coyote

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory