CVE-2008-1229

Name of the Vulnerable Software and Affected Versions JSPWiki versions 2.4.104 and 2.5.139

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the editor parameter in Edit.jsp, which is a different attack vector.

Recommendations For JSPWiki version 2.4.104, update to a version that fixes this issue. For JSPWiki version 2.5.139, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Edit.jsp page to minimize the risk of exploitation. Avoid using the editor parameter in the affected endpoint until the issue is resolved.