WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-28732 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Description

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2022-43396 Vulnerability in maven package org.apache.kylin:kylin-core-common

CVE-2018-1999027 Vulnerability in maven package org.jenkins-ci.plugins:saltstack

CVE-2019-10350 Vulnerability in maven package org.jenkins-ci.plugins:port-allocator

CVE-2023-28672 Vulnerability in maven package org.jenkinsci.plugins:octoperf

CVE-2010-2227 Vulnerability in maven package org.apache.tomcat:coyote

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory