Apache JSPWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-76239)

Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Foundation. security vulnerability exists in versions prior to Apache JSPWiki 2.11.3, which stems from a crafted request on UserPreferences.jsp could trigger a CSRF vulnerability that could be exploite...

Cross-Site Request Forgery (CSRF)

org.apache.jspwiki:jspwiki-builder is vulnerable to cross-site request forgery CSRF. A remote attacker is able to trigger an CSRF attack on UserPreferences.jsp via sending a specifically crafted request to modify the email associated with the victim's account and then a reset password request fro...

Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page...

CVE-2022-28731

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page...

CVE-2022-28731 Apache JSPWiki CSRF in UserPreferences.jsp

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page...

JSPWiki <= 2.5.139 UserPreferences.jsp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied inpu...

CVE-2007-5120

Multiple cross-site scripting XSS vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the 1 group and 2 members parameters in a NewGroup.jsp; the 3 edittime parameter in b Edit.jsp; the 4 edittime, 5 author, and 6 link parameters i...

CVE-2007-5120

Multiple cross-site scripting XSS vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the 1 group and 2 members parameters in a NewGroup.jsp; the 3 edittime parameter in b Edit.jsp; the 4 edittime, 5 author, and 6 link parameters i...

JSPWiki 2.5.139 - UserPreferences.jsp Multiple Cross-Site Scripting Vulnerabilities

JSPWiki 2.5.139 - UserPreferences.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the applicati...

JSPWiki 2.5.139 - &#039;UserPreferences.jsp&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. Attacker-supplied HTML and scri...