Lucene search
HistoryAug 04, 2022 - 7:15 a.m.
CVE-2022-28731
csrf
apache jspwiki
email modification
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
27.3%
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
Affected configurations
Node
apachejspwikiRange<2.11.3
Related
ubuntucve
ubuntucve
CVE-2022-28731
2022-08-04 00:00:00
cve
cve
CVE-2022-28731
2022-08-04 07:15:07
github
github
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
2022-08-05 00:00:30
prion
prion
Cross site request forgery (csrf)
2022-08-04 07:15:00
cnvd
cnvd
Apache JSPWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-76239)
2022-08-08 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-08-05 04:01:08
cvelist
cvelist
CVE-2022-28731 Apache JSPWiki CSRF in UserPreferences.jsp
2022-08-04 06:15:43
osv
osv
CVE-2022-28731
2022-08-04 07:15:07
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
2022-08-05 00:00:30
openvas
openvas
Apache JSPWiki < 2.11.3 Multiple Vulnerabilities
2022-08-05 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
27.3%
Related for NVD:CVE-2022-28731