Description
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
Related Vulnerabilities
CVE-2008-6504 Vulnerability in maven package opensymphony:xwork
CVE-2017-18354 Vulnerability in npm package rendertron-middleware
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2019-10445 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine
CVE-2020-7011 Vulnerability in npm package @elastic/app-search-node