GitHub Advisory Database: GHSA-2FXF-QJ94-3F83
History: Aug 05, 2022 - 12:00 a.m.

Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp

2022-08-05 00:00:31
CWE-79
GitHub Advisory Database (github.com)
Tags: apache jspwiki, xss, xhrhtml2markup.jsp, vulnerability, 2.11.2, 2.11.3, javascript, fix, information security

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.002
Percentile: 56.1%

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute JavaScript in the victim’s browser and get some sensitive information about the victim. Version 2.11.3 contains a fix for the problem.

Affected configurations

Vulners
Node: org.apache.jspwiki jspwiki-main
Range: 2.11.2

Vendor: org.apache.jspwiki
Product: jspwiki-main
Version: *
CPE: cpe:2.3:a:org.apache.jspwiki:jspwiki-main:*:*:*:*:*:*:*:*
