Apache · Apache Jspwiki · CVE-2022-24947
**Name of the Vulnerable Software and Affected Versions**
Apache JSPWiki versions prior to 2.11.2
**Description**
The Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover.
**Recommendations**
For versions prior to 2.11.2, upgrade to 2.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the user preferences form to minimize the risk of exploitation.