Wang Ran

#14350of 53,634
18.7Total CVSS
Vulnerabilities · 3
Medium
3
PT-2022-19198
6.1
2022-08-04
Apache · Apache Jspwiki · CVE-2022-28730
**Name of the Vulnerable Software and Affected Versions** Apache JSPWiki versions prior to 2.11.3 **Description** A carefully crafted request on "AJAXPreview.jsp" could trigger an issue that allows an attacker to execute javascript in the victim's browser and obtain sensitive information. This issue leverages a problem where the Denounce plugin dangerously renders user-supplied URLs. The patch for this problem was found to be incomplete, as it was still possible to insert malicious input via the Denounce plugin. **Recommendations** For versions prior to 2.11.3, upgrade to 2.11.3 or later. As a temporary workaround, consider disabling the Denounce plugin until a patch is available. Restrict access to the "AJAXPreview.jsp" page to minimize the risk of exploitation. Avoid using the Denounce plugin to render user-supplied URLs until the issue is resolved.
PT-2022-19199
6.5
2022-08-04
Apache · Apache Jspwiki · CVE-2022-28731
**Name of the Vulnerable Software and Affected Versions** Apache JSPWiki versions prior to 2.11.3 **Description** A carefully crafted request on "UserPreferences.jsp" could trigger a CSRF issue, allowing an attacker to modify the email associated with the attacked account, and then initiate a reset password request from the login page. **Recommendations** For versions prior to 2.11.3, update to version 2.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "UserPreferences.jsp" page until a patch is applied.
PT-2022-19200
6.1
2022-08-04
Apache · Apache Jspwiki · CVE-2022-28732
**Name of the Vulnerable Software and Affected Versions** Apache JSPWiki versions prior to 2.11.3 **Description** A carefully crafted request could trigger a vulnerability on Apache JSPWiki, allowing an attacker to execute javascript in the victim's browser and obtain sensitive information. The issue can be triggered through specific requests on certain plugins or pages, such as WeblogPlugin or XHRHtml2Markup.jsp. **Recommendations** For versions prior to 2.11.3, upgrade to 2.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable plugins or pages, such as WeblogPlugin or XHRHtml2Markup.jsp, until the upgrade is applied.