WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Description

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Remediation

References

https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504

http://www.openwall.com/lists/oss-security/2023/05/25/1

Related Vulnerabilities

CVE-2020-2229 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-22096 Vulnerability in maven package org.springframework:spring-webflux

CVE-2018-1000613 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-worker

CVE-2022-41236 Vulnerability in maven package org.jenkins-ci.plugins:security-inspector

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Vendor Advisory Third Party Advisory