Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yZnhmLXFqOTQtM2Y4M84AAtzp
Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Version 2.11.3 contains a fix for the problem
Permalink: https://github.com/advisories/GHSA-2fxf-qj94-3f83JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yZnhmLXFqOTQtM2Y4M84AAtzp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-2fxf-qj94-3f83, CVE-2022-27166
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-27166
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
- https://github.com/advisories/GHSA-2fxf-qj94-3f83
Affected Packages
maven:org.apache.jspwiki:jspwiki-main
Dependent packages: 8Dependent repositories: 20
Downloads:
Affected Version Ranges: <= 2.11.2
Fixed in: 2.11.3
All affected versions: 2.11.0, 2.11.1, 2.11.2
All unaffected versions: 2.11.3, 2.12.0, 2.12.1