China National Vulnerability Database (cnvd): CNVD-2022-83597
Aug 08, 2022 - 12:00 a.m.

Apache JSPWiki Cross-Site Scripting Vulnerability (CNVD-2022-83597)

2022-08-08 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache jspwiki
cross-site scripting
vulnerability
ajaxpreview
denounce plugin
cve-2021-40369
security
java
servlet
jsp
apache foundation

EPSS: 0.003

Percentile: 70.3%

Apache JSPWiki is an open source WikiWiki engine from the Apache Foundation (USA), built on Java, Servlet and JSP. A security vulnerability exists in versions prior to Apache JSPWiki 2.11.3: a carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability. This vulnerability leverages CVE-2021-40369: the Denounce plugin dangerously renders a user-supplied URL, which can be used to insert malicious input via the Denounce plugin. An attacker could use this vulnerability to execute JavaScript in the victim's browser and obtain some sensitive information about the victim.
