PT-2022-18262 · Apache · Apache Jspwiki

Salt · Published 2022-08-04 · Updated 2022-08-10 · CVE-2022-27166

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache JSPWiki versions up to and including 2.11.2

Description

A carefully crafted request on the "XHRHtml2Markup.jsp" endpoint could trigger an issue, allowing an attacker to execute JavaScript in the victim's browser and potentially obtain sensitive information about the victim.

Recommendations

For versions up to and including 2.11.2, update to version 2.11.3, which contains a fix for the problem. As a temporary workaround, consider restricting access to the "XHRHtml2Markup.jsp" endpoint until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-27166
GHSA-2FXF-QJ94-3F83

Affected Products

Apache Jspwiki