WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-27166 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Description

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2017-1000394 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-3143 Vulnerability in maven package org.wildfly.security:wildfly-elytron-credential

CVE-2011-2204 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-2138 Vulnerability in maven package org.jenkins-ci.plugins:cobertura

CVE-2020-6457 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory