Lucene search
ApacheCVELIST:CVE-2022-28731HistoryAug 04, 2022 - 6:15 a.m.
CVE-2022-28731 Apache JSPWiki CSRF in UserPreferences.jsp
2022-08-0406:15:43
apache
www.cve.org
4
cve-2022-28731
apache
jspwiki
csrf
userpreferences.jsp
vulnerability
email modification
reset password
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
CNA Affected
[
{
"product": "Apache JSPWiki",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "Apache JSPWiki up to 2.11.2",
"status": "affected",
"version": "Apache JSPWiki",
"versionType": "custom"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2022-28731
2022-08-04 00:00:00
cve
cve
CVE-2022-28731
2022-08-04 07:15:07
nvd
nvd
CVE-2022-28731
2022-08-04 07:15:07
github
github
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
2022-08-05 00:00:30
cnvd
cnvd
Apache JSPWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-76239)
2022-08-08 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-08-04 07:15:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-08-05 04:01:08
osv
osv
CVE-2022-28731
2022-08-04 07:15:07
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
2022-08-05 00:00:30
openvas
openvas
Apache JSPWiki < 2.11.3 Multiple Vulnerabilities
2022-08-05 00:00:00