Description

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2023-24977 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2018-14041 Vulnerability in maven package org.webjars.bower:bootstrap

CVE-2019-10458 Vulnerability in maven package org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline

CVE-2017-1000090 Vulnerability in maven package org.jenkins-ci.plugins:role-strategy

CVE-2019-10431 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory