Lucene search
ApacheJspwiki

24 matches found

CVE
added 2022/02/25 8:30 a.m. | 125 views

CVE-2022-24948

CVE-2022-24948 affects Apache JSPWiki. The vulnerability is a cross-site scripting (XSS) issue in the user preferences screen, allowing an attacker to execute JavaScript in a victim’s browser and potentially read sensitive information. The issue affects JSPWiki versions prior to 2.11.2; mitigatio...

CVSS 6.1 | AI score 6 | EPSS 0.02217

CVE
added 2022/02/25 8:30 a.m. | 121 views

CVE-2022-24947

CVE-2022-24947 affects Apache JSPWiki (versions prior to 2.11.2) via a CSRF vulnerability in the user preferences form, which can lead to account takeover. The issue is confirmed across multiple sources in the connected documents, and remediation is to upgrade to 2.11.2 or later. No exploit detai...

CVSS 8.8 | AI score 8.7 | EPSS 0.01142

CVE
added 2022/08/04 6:15 a.m. | 96 views

CVE-2022-28730

CVE-2022-28730 describes an XSS in Apache JSPWiki triggered by a crafted request on AJAXPreview.jsp, enabling execution of arbitrary JavaScript in the victim’s browser and exposure of sensitive information. The issue builds on CVE-2021-40369, where the Denounce plugin incorrectly renders user-sup...

CVSS 6.1 | AI score 6 | EPSS 0.85727

CVE
added 2021/11/24 11:15 a.m. | 95 views

CVE-2021-44140

CVE-2021-44140 affects Apache JSPWiki. A remote attacker can delete arbitrary files on a system hosting JSPWiki by sending a crafted HTTP request during logout, if those files are reachable by the user running JSPWiki. Affected software versions include up to 2.11.0.M8, with a recommended fix: up...

CVSS 9.1 | AI score 9.2 | EPSS 0.06158

CVE
added 2019/05/20 8:46 p.m. | 93 views

CVE-2019-10077

CVE-2019-10077 affects Apache JSPWiki 2.9.0 to 2.11.0.M3 via a crafted InterWiki link that triggers an XSS vulnerability, potentially enabling session hijacking. The vulnerability is tied to JSPWiki before 2.11.0.M4 (as referenced by OpenVAS) and related advisories; upgrading to 2.11.0.M4 or late...

CVSS 6.1 | AI score 5.8 | EPSS 0.04701

CVE
added 2022/08/04 6:15 a.m. | 89 views

CVE-2022-28731

CVE-2022-28731 describes a CSRF vulnerability in Apache JSPWiki (pre-2.11.3) triggered by a crafted request to UserPreferences.jsp. An attacker could modify the email on the targeted account and then initiate a password-reset from the login page. The severity is noted with a base score of 6.5 (M...

CVSS 6.5 | AI score 6.4 | EPSS 0.56257

CVE
added 2022/08/04 6:16 a.m. | 89 views

CVE-2022-34158

CVE-2022-34158 affects Apache JSPWiki prior to 2.11.3, where a crafted invocation on the Image plugin can trigger a CSRF vulnerability. This could allow group privilege escalation of the attacker’s account and, per the description, could also be used to modify the attacked account’s email and the...

CVSS 8.8 | AI score 8.9 | EPSS 0.01072

CVE
added 2021/11/24 11:15 a.m. | 88 views

CVE-2021-40369

Apache JSPWiki is affected by an XSS vulnerability linked to CVE-2021-40369 via the Denounce plugin rendering user-supplied URLs in AJAXPreview.jsp. Exploitation could allow JavaScript execution in a victim’s browser and exposure of sensitive data. Remediation per connected sources is upgrade to ...

CVSS 6.1 | AI score 5.9 | EPSS 0.03311

CVE
added 2022/08/04 6:15 a.m. | 88 views

CVE-2022-27166

Apache JSPWiki is affected by a cross-site scripting vulnerability triggered by a crafted request to XHRHtml2Markup.jsp, impacting versions up to 2.11.2. The issue enables execution of JavaScript in a victim’s browser and potential information disclosure. A fix is available in version 2.11.3 and ...

CVSS 6.1 | AI score 6 | EPSS 0.85291

CVE
added 2019/09/23 2:47 p.m. | 87 views

CVE-2019-10087

The CVE-2019-10087 issue affects Apache JSPWiki up to version 2.11.0.M4, where a carefully crafted plugin link invocation could trigger an XSS vulnerability in the Page Revision History. The vulnerability could allow an attacker to execute JavaScript in a victim’s browser and obtain some sensitiv...

CVSS 6.1 | AI score 5.9 | EPSS 0.02913

CVE
added 2019/09/23 3:26 p.m. | 86 views

CVE-2019-10090

CVE-2019-10090 affects Apache JSPWiki up to version 2.11.0.M4. The vulnerability is an XSS flaw triggered by a crafted plugin link invocation related to the plain editor, allowing an attacker to execute JavaScript in the victim’s browser and potentially view sensitive information. The available c...

CVSS 6.1 | AI score 5.9 | EPSS 0.02885

CVE
added 2019/03/28 9:0 p.m. | 85 views

CVE-2019-0224

CVE-2019-0224 affects Apache JSPWiki versions 2.9.0 to 2.11.0.M2. The vulnerability allows a crafted URL to execute JavaScript in the user’s own browser session. The provided sources describe the impact as client-side (no server/database writes and no cross-user script execution stated). The exac...

CVSS 6.1 | AI score 6.2 | EPSS 0.0515

CVE
added 2019/09/23 2:54 p.m. | 84 views

CVE-2019-12404

CVE-2019-12404 affects Apache JSPWiki up to version 2.11.0.M4; OpenVAS notes vulnerability in

CVSS 6.1 | AI score 5.9 | EPSS 0.02913

CVE
added 2022/08/04 6:15 a.m. | 83 views

CVE-2022-28732

Apache JSPWiki 2.x is affected by a cross-site scripting (XSS) vulnerability triggered by a crafted request on WeblogPlugin (and related vectors like XHRHtml2Markup.jsp) that could allow an attacker to execute JavaScript in a victim’s browser and access sensitive information. The CVE-2022-28732 e...

CVSS 6.1 | AI score 5.9 | EPSS 0.85727

CVE
added 2019/09/23 3:40 p.m. | 82 views

CVE-2019-12407

This CVE affects Apache JSPWiki up to version 2.11.0.M4. The vulnerability is an XSS flaw triggered by a crafted plugin link invocation related to the remember parameter on certain JSPs, allowing an attacker to execute JavaScript in a victim’s browser and access some sensitive information. The co...

CVSS 6.1 | AI score 5.9 | EPSS 0.02913

CVE
added 2023/05/25 6:58 a.m. | 80 views

CVE-2022-46907

CVE-2022-46907 describes a cross-site scripting (XSS) vulnerability in Apache JSPWiki plugins. The issue stems from crafted requests that can trigger XSS in several JSPWiki plugins, allowing an attacker to execute JavaScript in a victim’s browser and access sensitive information. Affected softwar...

CVSS 6.1 | AI score 6 | EPSS 0.01162

CVE
added 2019/09/23 2:51 p.m. | 78 views

CVE-2019-10089

CVE-2019-10089 affects Apache JSPWiki up to version 2.11.0.M4. A crafted plugin link invocation related to the WYSIWYG editor can trigger an XSS vulnerability, allowing the attacker to execute JavaScript in a victim’s browser and access some sensitive information. No remediation details are provi...

CVSS 6.1 | AI score 5.9 | EPSS 0.02898

CVE
added 2019/05/20 8:31 p.m. | 77 views

CVE-2019-10076

CVE-2019-10076 affects Apache JSPWiki 2.9.0 through 2.11.0.M3 and is described as a cross-site scripting (XSS) vulnerability triggered by a carefully crafted malicious attachment, potentially leading to session hijacking. The connected documents consistently reference the same affected product/ve...

CVSS 6.1 | AI score 5.8 | EPSS 0.04725

CVE
added 2019/02/11 9:0 p.m. | 74 views

CVE-2018-20242

This CVE affects Apache JSPWiki up to version 2.10.5, where a crafted URL could trigger a cross-site scripting (XSS) vulnerability. The described impact is potential session hijacking. The connected documents consistently identify JSPWiki as the affected product and the vulnerability type as XSS,...

CVSS 6.1 | AI score 5.8 | EPSS 0.05364

CVE
added 2019/03/28 9:7 p.m. | 74 views

CVE-2019-0225

Apache JSPWiki versions 2.9.0 to 2.11.0.M2 are affected by a path traversal vulnerability that allows a specially crafted URL to access files under the application ROOT and could disclose registered user details. Root cause described across multiple sources points to improper access control in UR...

CVSS 7.8 | AI score 7.2 | EPSS 0.10263

CVE
added 2019/05/20 8:50 p.m. | 74 views

CVE-2019-10078

CVE-2019-10078 affects Apache JSPWiki (versions 2.9.0 through 2.11.0.M3). A carefully crafted plugin link invocation can trigger a cross-site scripting (XSS) vulnerability, leading to possible session hijacking. Multiple plugins were implicated, not just ReferredPagesPlugin, according to initial ...

CVSS 6.1 | AI score 5.9 | EPSS 0.04937

CVE
added 2024/06/24 7:44 a.m. | 65 views

CVE-2024-27136

XSS vulnerability in Apache JSPWiki 2.12.1 and earlier on the Upload page allows an attacker to execute JavaScript in the victim’s browser and potentially access sensitive information. Multiple trusted sources (e.g., NVD, Red Hat, CNVD, OSV, VERACODE, GHSA) corroborate the issue and advise upgrad...

CVSS 6.1 | AI score 6 | EPSS 0.5943

CVE
added 2025/07/31 8:43 a.m. | 29 views

CVE-2025-24854

CVE-2025-24854 affects Apache JSPWiki’s Image plugin. A crafted request triggers a cross-site scripting (XSS) vulnerability that could allow JavaScript execution in the victim’s browser and potentially expose sensitive information. Affected component: JSPWiki Image plugin (version prior to 2.12.3...

CVSS 6.1 | AI score 5.7 | EPSS 0.00417

CVE
added 2025/07/31 8:42 a.m. | 27 views

CVE-2025-24853

CVE-2025-24853 affects Apache JSPWiki. The issue is a Cross-Site Scripting (XSS) vulnerability in header link processing, caused by unsafely handling header links created via wiki markup (and, per later research, the markdown parser). When exploited, an attacker could cause JavaScript execution i...

CVSS 7.5 | AI score 6.3 | EPSS 0.00503