Lucene search
K

5 matches found

Veracode
Veracode
added 2022/08/05 5:4 a.m.19 views

Cross-Site Request Forgery (CSRF)

org.apache.jspwiki:jspwiki-builder and org.apache.jspwiki, jspwiki-war are vulnerable to cross-site request forgery CSRF. A remote attacker is able to trigger an CSRF attack on the Image plugin via sending a specifically crafted request, which allows a group privilege escalation of the attacker's...

8.8CVSS8.8AI score0.01072EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2022/08/05 12:0 a.m.28 views

Apache JSPWiki CSRF due to crafted invocation on the Image plugin

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

8.8CVSS8.6AI score0.01072EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/08/04 7:15 a.m.23 views

CVE-2022-34158

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

8.8CVSS8.9AI score0.01072EPSS
Exploits0References1
Prion
Prion
added 2022/08/04 7:15 a.m.19 views

Cross site request forgery (csrf)

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

6.8CVSS8.9AI score0.01072EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/04 6:16 a.m.36 views

CVE-2022-34158 User Group Privilege Escalation

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

9.1AI score0.01072EPSS
Exploits0References1
Rows per page
Query Builder