Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ocGg4LTI5eHctcWZ4eM4AAtzL
Apache JSPWiki XSS due to crafted request in WeblogPlugin
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
Permalink: https://github.com/advisories/GHSA-hph8-29xw-qfxxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocGg4LTI5eHctcWZ4eM4AAtzL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-hph8-29xw-qfxx, CVE-2022-28732
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-28732
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
- https://github.com/advisories/GHSA-hph8-29xw-qfxx
Affected Packages
maven:org.apache.jspwiki:jspwiki-main
Dependent packages: 8Dependent repositories: 20
Downloads:
Affected Version Ranges: < 2.11.3
Fixed in: 2.11.3
All affected versions: 2.11.0, 2.11.1, 2.11.2
All unaffected versions: 2.11.3, 2.12.0, 2.12.1