Lucene search

[email protected]NVD:CVE-2022-28732

HistoryAug 04, 2022 - 7:15 a.m.

CVE-2022-28732

2022-08-0407:15:07

CWE-79

[email protected]

web.nvd.nist.gov

weblogplugin

xss vulnerability

apache jspwiki

javascript execution

sensitive information

upgrade

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

56.1%

JSON

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Affected configurations

Nvd

Node

apachejspwikiRange<2.11.3

VendorProductVersionCPE
apachejspwiki*cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	jspwiki	*	cpe:2.3:a:apache:jspwiki::::::::

References

jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

56.1%

JSON

Related for NVD:CVE-2022-28732

prion1 cve1 osv8 veracode1 cvelist1 cnvd1 ubuntucve1 github1 openvas1