Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Foundation. security vulnerability exists in versions prior to Apache JSPWiki 2.11.3, which stems from a crafted request on UserPreferences.jsp could trigger a CSRF vulnerability that could be exploited by an attacker to modify the email associated with the attacked account and then request a password reset from the login page.