Description

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2015-5174 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2020-10203 Vulnerability in maven package org.sonatype.nexus:nexus-core

CVE-2018-14041 Vulnerability in maven package org.webjars:bootstrap

CVE-2022-36882 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2019-17563 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory