WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-28732 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Description

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2023-50775 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard

CVE-2015-1772 Vulnerability in maven package org.apache.hive:hive-service

CVE-2020-2139 Vulnerability in maven package org.jenkins-ci.plugins:cobertura

CVE-2017-9805 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2021-28128 Vulnerability in npm package strapi

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory