PT-2022-19200 · Apache · Apache JSPWiki
Wang Ran · Published 2022-08-04 · Updated 2022-08-10 · CVE-2022-28732
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache JSPWiki versions prior to 2.11.3
Description
A carefully crafted request could trigger a vulnerability in Apache JSPWiki, allowing an attacker to execute JavaScript in the victim's browser and obtain sensitive information. The issue can be triggered through specific requests on certain plugins or pages, such as WeblogPlugin or XHRHtml2Markup.jsp.
Recommendations
For versions prior to 2.11.3, upgrade to 2.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable plugins or pages, such as WeblogPlugin or XHRHtml2Markup.jsp, until the upgrade is applied.
Fix
XSS
CSRF
Affected Products
Apache JSPWiki