Description
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
Related Vulnerabilities
CVE-2022-43396 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2018-1999027 Vulnerability in maven package org.jenkins-ci.plugins:saltstack
CVE-2019-10350 Vulnerability in maven package org.jenkins-ci.plugins:port-allocator
CVE-2023-28672 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2010-2227 Vulnerability in maven package org.apache.tomcat:coyote