WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-28732 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Description

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Related Vulnerabilities

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2020-2303 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-common-config

CVE-2023-50772 Vulnerability in maven package com.zintow:dingding-json-pusher

CVE-2023-2976 Vulnerability in maven package com.google.guava:guava

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory