org.apache.jspwiki.it:jspwiki-it-builder (>=2.11.0 <=2.11.3), org.apache.jspwiki.it:jspwiki-it-test-cma (>=2.11.0 <=2.11.3) +8 more potentially affected by CVE-2022-46907 via org.apache.jspwiki:jspwiki-war (>=2.10.0 <=2.11.3)

org.apache.jspwiki:jspwiki-war MAVEN version =2.10.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.10.0, =2.10.3, =2.11.0, =2.11.3 Source cves: CVE-2022-46907 Source advisory: OSV:GHSA-QVQ8-CW7F-M7M4...

org.apache.jspwiki.it:jspwiki-it-builder (>=2.11.0 <=2.11.0.M4), org.apache.jspwiki.it:jspwiki-it-test-cma (>=2.11.0 <=2.11.0.M4) +8 more potentially affected by CVE-2019-12407 via org.apache.jspwiki:jspwiki-war (>=2.10.0 <=2.11.0.M4)

org.apache.jspwiki:jspwiki-war MAVEN version =2.10.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.10.0, =2.10.3, =2.10.5 - org.apache.jspwiki:jspwiki-portable =2.11.0 Source cves: CVE-2019-12407 Source advisory: OSV:GHSA-P2R4-RPJ8-M2P9...

Cross-Site Scripting (XSS)

jspwiki-war is vulnerable to cross-site scripting XSS. The remember parameter in preview.jsp was not handled properly to escape malicious script injection, allowing to trigger the attack through it...

Cross-site Scripting (XSS)

jspwiki-war is vulnerable to cross-site scripting XSS. The vulneability exists through the plain editor section drop-down where html is not escaped...

org.apache.jspwiki.it:jspwiki-it-builder (=2.11.0), org.apache.jspwiki.it:jspwiki-it-test-cma (=2.11.0) +8 more potentially affected by CVE-2018-20242 via org.apache.jspwiki:jspwiki-war (>=2.10.0 <=2.11.0)

org.apache.jspwiki:jspwiki-war MAVEN version =2.10.0, =2.10.0, =2.10.3, =2.10.5 - org.apache.jspwiki:jspwiki-portable =2.11.0 Source cves: CVE-2018-20242 Source advisory: OSV:GHSA-5Q75-CXCQ-WR26...

Cross-site Scripting in jspwiki-war

A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking...