Lucene search
+L

8 matches found

CNVD
CNVD
added 2022/08/08 12:0 a.m.52 views

Apache JSPWiki Cross-Site Scripting Vulnerability (CNVD-2022-83597)

Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Foundation USA.A security vulnerability exists in versions prior to Apache JSPWiki 2.11.3, which stems from a carefully crafted request on AJAXPreview.jsp that could trigger an XSS vulnerability.This...

6.1CVSS2AI score0.85291EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/08/05 12:0 a.m.30 views

Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...

6.1CVSS5.8AI score0.85291EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/08/04 7:15 a.m.18 views

Design/Logic Flaw

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...

5.8CVSS5.9AI score0.85291EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/08/04 7:15 a.m.45 views

CVE-2022-28730

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...

6.1CVSS6.3AI score0.85291EPSS
Exploits0References3
CVE
CVE
added 2022/08/04 6:15 a.m.98 views

CVE-2022-28730

CVE-2022-28730 describes an XSS in Apache JSPWiki triggered by a crafted request on AJAXPreview.jsp, enabling execution of arbitrary JavaScript in the victim’s browser and exposure of sensitive information. The issue builds on CVE-2021-40369, where the Denounce plugin incorrectly renders user-sup...

6.1CVSS6AI score0.85291EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/24 11:15 a.m.31 views

CVE-2021-40369 XSS vulnerability on Denounce plugin

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to...

6.4AI score0.03311EPSS
Exploits0References3
CVE
CVE
added 2021/11/24 11:15 a.m.91 views

CVE-2021-40369

Apache JSPWiki is affected by an XSS vulnerability linked to CVE-2021-40369 via the Denounce plugin rendering user-supplied URLs in AJAXPreview.jsp. Exploitation could allow javascript execution in a victim’s browser and exposure of sensitive data. Remediation per connected sources is upgrade to ...

6.1CVSS5.9AI score0.03311EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2021/11/24 12:0 a.m.26 views

CVE-2021-40369

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to...

6.1CVSS6.4AI score0.03311EPSS
Exploits0References1
Rows per page
Query Builder