Description
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability in Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email address associated with the attacked account and then issue a password reset request from the login page.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
Related Vulnerabilities
CVE-2014-0119 Vulnerability in maven package org.apache.tomcat:jasper
CVE-2017-15697 Vulnerability in maven package org.apache.nifi:nifi-web-error
CVE-2022-41254 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt
CVE-2023-49447 Vulnerability in maven package com.jfinal:jfinal
CVE-2023-28155 Vulnerability in maven package org.webjars.bower:request