PT-2023-15104 · Apache · Apache Jspwiki
Eugene Lim
+1
·
Published
2023-05-25
·
Updated
2023-06-01
·
CVE-2022-46907
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Apache JSPWiki versions prior to 2.12.0
Description
A carefully crafted request on several JSPWiki plugins could trigger an issue that allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Recommendations
For versions prior to 2.12.0, upgrade to 2.12.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Jspwiki