GitHub Advisory Database: GHSA-HPH8-29XW-QFXX
Aug 05, 2022 - 12:00 a.m.

Apache JSPWiki XSS due to crafted request in WeblogPlugin

2022-08-05 00:00:30
CWE-79
GitHub Advisory Database
github.com
Tags: apache, jspwiki, xss, weblogplugin, vulnerability, upgrade, software

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.002
Percentile: 56.1%

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Affected configurations

Vulners
Node: org.apache.jspwiki jspwiki-main
Range: <2.11.3

Vendor: org.apache.jspwiki
Product: jspwiki-main
Version: *
CPE: cpe:2.3:a:org.apache.jspwiki:jspwiki-main:*:*:*:*:*:*:*:*
