8 matches found
Apache JSPWiki Cross-Site Scripting Vulnerability (CNVD-2022-83597)
Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Foundation USA.A security vulnerability exists in versions prior to Apache JSPWiki 2.11.3, which stems from a carefully crafted request on AJAXPreview.jsp that could trigger an XSS vulnerability.This...
Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...
Design/Logic Flaw
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...
CVE-2022-28730
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...
CVE-2022-28730
CVE-2022-28730 describes an XSS in Apache JSPWiki triggered by a crafted request on AJAXPreview.jsp, enabling execution of arbitrary JavaScript in the victim’s browser and exposure of sensitive information. The issue builds on CVE-2021-40369, where the Denounce plugin incorrectly renders user-sup...
CVE-2021-40369 XSS vulnerability on Denounce plugin
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to...
CVE-2021-40369
Apache JSPWiki is affected by an XSS vulnerability linked to CVE-2021-40369 via the Denounce plugin rendering user-supplied URLs in AJAXPreview.jsp. Exploitation could allow javascript execution in a victim’s browser and exposure of sensitive data. Remediation per connected sources is upgrade to ...
CVE-2021-40369
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to...