Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1xdnE4LWN3N2YtbTdtNM4AAzeH

Apache JSPWiki vulnerable to cross-site scripting on several plugins

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Permalink: https://github.com/advisories/GHSA-qvq8-cw7f-m7m4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xdnE4LWN3N2YtbTdtNM4AAzeH
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 6 months ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-qvq8-cw7f-m7m4, CVE-2022-46907
References:

• https://nvd.nist.gov/vuln/detail/CVE-2022-46907
• https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504
• https://github.com/apache/jspwiki/commit/0b9a0149032170063f22d65e335dfd317db815ea
• https://github.com/apache/jspwiki/commit/46e1ef7a595ca5cabf5ef184139910413f2024fc
• https://github.com/apache/jspwiki/commit/484c6a133e397693991b7c9a9b62ef3ca48ce707
• https://github.com/apache/jspwiki/commit/75019d337f1d0033b1f65428e75f43baeffd99dd
• https://github.com/apache/jspwiki/commit/82be08904a6d8bd22fa2d4e5a7e85f43408724d3
• https://github.com/apache/jspwiki/commit/9d6dbf911d52d724297e4e46c4b80649fb028ff9
• https://github.com/apache/jspwiki/commit/df20770f251a8d7431047e556b144ef24ee6a3a7
• https://github.com/apache/jspwiki/blob/37bf55373ed5a739a388a720163cf51d1104537f/ChangeLog.md?plain=1#L112
• https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-46907
• http://www.openwall.com/lists/oss-security/2023/05/25/1
• https://github.com/advisories/GHSA-qvq8-cw7f-m7m4

Repository: https://github.com/apache/jspwiki
Blast Radius: 8.2

Affected Packages