WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-28732 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Description

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2019-1003044 Vulnerability in maven package org.jenkins-ci.plugins:slack

CVE-2019-16550 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release

CVE-2022-1415 Vulnerability in maven package org.drools:drools-core

CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api

CVE-2023-32070 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-xml

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory