Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Description

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/05/25/1

https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504

Related Vulnerabilities

CVE-2021-26291 Vulnerability in maven package org.apache.maven:apache-maven

CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink

CVE-2021-40369 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

CVE-2020-10591 Vulnerability in maven package com.walmartlabs.concord.server:concord-server-impl

CVE-2022-39135 Vulnerability in maven package org.apache.calcite:calcite-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory