24 matches found
CVE-2022-24948
CVE-2022-24948 affects Apache JSPWiki. The vulnerability is a cross-site scripting (XSS) issue in the user preferences screen, allowing an attacker to execute JavaScript in a victim’s browser and potentially read sensitive information. The issue affects JSPWiki versions prior to 2.11.2; mitigatio...
CVE-2022-24947
CVE-2022-24947 affects Apache JSPWiki (versions prior to 2.11.2) via a CSRF vulnerability in the user preferences form, which can lead to account takeover. The issue is confirmed across multiple sources in the connected documents, and remediation is to upgrade to 2.11.2 or later. No exploit detai...
CVE-2022-28730
CVE-2022-28730 describes an XSS in Apache JSPWiki triggered by a crafted request on AJAXPreview.jsp, enabling execution of arbitrary JavaScript in the victim’s browser and exposure of sensitive information. The issue builds on CVE-2021-40369, where the Denounce plugin incorrectly renders user-sup...
CVE-2021-44140
CVE-2021-44140 affects Apache JSPWiki. A remote attacker can delete arbitrary files on a system hosting JSPWiki by sending a crafted HTTP request during logout, if those files are reachable by the user running JSPWiki. Affected software versions include up to 2.11.0.M8, with a recommended fix: up...
CVE-2019-10077
CVE-2019-10077 affects Apache JSPWiki 2.9.0 to 2.11.0.M3 via a crafted InterWiki link that triggers an XSS vulnerability, potentially enabling session hijacking. The vulnerability is tied to JSPWiki before 2.11.0.M4 (as referenced by OpenVAS) and related advisories; upgrading to 2.11.0.M4 or late...
CVE-2022-28731
CVE-2022-28731 describes a CSRF vulnerability in Apache JSPWiki (pre-2.11.3) triggered by a crafted request to UserPreferences.jsp. An attacker could modify the email on the targeted account and then initiate a password reset from the login page. The severity is noted with a base score of 6.5 (M...
CVE-2022-34158
CVE-2022-34158 affects Apache JSPWiki prior to 2.11.3, where a crafted invocation on the Image plugin can trigger a CSRF vulnerability. This could allow group privilege escalation of the attacker’s account and, per the description, could also be used to modify the attacked account’s email and the...
CVE-2021-40369
Apache JSPWiki is affected by an XSS vulnerability linked to CVE-2021-40369 via the Denounce plugin rendering user-supplied URLs in AJAXPreview.jsp. Exploitation could allow JavaScript execution in a victim’s browser and exposure of sensitive data. Remediation per connected sources is upgrade to ...
CVE-2022-27166
Apache JSPWiki is affected by a cross-site scripting vulnerability triggered by a crafted request to XHRHtml2Markup.jsp, impacting versions up to 2.11.2. The issue enables execution of JavaScript in a victim’s browser and potential information disclosure. A fix is available in version 2.11.3 and ...
CVE-2019-10087
The CVE-2019-10087 issue affects Apache JSPWiki up to version 2.11.0.M4, where a carefully crafted plugin link invocation could trigger an XSS vulnerability in the Page Revision History. The vulnerability could allow an attacker to execute JavaScript in a victim’s browser and obtain some sensitiv...
CVE-2019-10090
CVE-2019-10090 affects Apache JSPWiki up to version 2.11.0.M4. The vulnerability is an XSS flaw triggered by a crafted plugin link invocation related to the plain editor, allowing an attacker to execute JavaScript in the victim’s browser and potentially view sensitive information. The available c...
CVE-2019-0224
CVE-2019-0224 affects Apache JSPWiki versions 2.9.0 to 2.11.0.M2. The vulnerability allows a crafted URL to execute JavaScript in the user’s own browser session. The provided sources describe the impact as client-side (no server/database writes and no cross-user script execution stated). The exac...
CVE-2019-12404
CVE-2019-12404 affects Apache JSPWiki up to version 2.11.0.M4; OpenVAS notes vulnerability in
CVE-2022-28732
Apache JSPWiki 2.x is affected by a cross-site scripting (XSS) vulnerability triggered by a crafted request on WeblogPlugin (and related vectors like XHRHtml2Markup.jsp) that could allow an attacker to execute JavaScript in a victim’s browser and access sensitive information. The CVE-2022-28732 e...
CVE-2019-12407
This CVE affects Apache JSPWiki up to version 2.11.0.M4. The vulnerability is an XSS flaw triggered by a crafted plugin link invocation related to the remember parameter on certain JSPs, allowing an attacker to execute JavaScript in a victim’s browser and access some sensitive information. The co...
CVE-2022-46907
CVE-2022-46907 describes a cross-site scripting (XSS) vulnerability in Apache JSPWiki plugins. The issue stems from crafted requests that can trigger XSS in several JSPWiki plugins, allowing an attacker to execute JavaScript in a victim’s browser and access sensitive information. Affected softwar...
CVE-2019-10089
CVE-2019-10089 affects Apache JSPWiki up to version 2.11.0.M4. A crafted plugin link invocation related to the WYSIWYG editor can trigger an XSS vulnerability, allowing the attacker to execute JavaScript in a victim’s browser and access some sensitive information. No remediation details are provi...
CVE-2019-10076
CVE-2019-10076 affects Apache JSPWiki 2.9.0 through 2.11.0.M3 and is described as a cross-site scripting (XSS) vulnerability triggered by a carefully crafted malicious attachment, potentially leading to session hijacking. The connected documents consistently reference the same affected product/ve...
CVE-2018-20242
This CVE affects Apache JSPWiki up to version 2.10.5, where a crafted URL could trigger a cross-site scripting (XSS) vulnerability. The described impact is potential session hijacking. The connected documents consistently identify JSPWiki as the affected product and the vulnerability type as XSS,...
CVE-2019-0225
Apache JSPWiki versions 2.9.0 to 2.11.0.M2 are affected by a path traversal vulnerability that allows a specially crafted URL to access files under the application ROOT and could disclose registered user details. Root cause described across multiple sources points to improper access control in UR...
CVE-2019-10078
CVE-2019-10078 affects Apache JSPWiki (versions 2.9.0 through 2.11.0.M3). A carefully crafted plugin link invocation can trigger a cross-site scripting (XSS) vulnerability, leading to possible session hijacking. Multiple plugins were implicated, not just ReferredPagesPlugin, according to initial ...
CVE-2024-27136
XSS vulnerability in Apache JSPWiki 2.12.1 and earlier on the Upload page allows an attacker to execute JavaScript in the victim’s browser and potentially access sensitive information. Multiple trusted sources (e.g., NVD, Red Hat, CNVD, OSV, VERACODE, GHSA) corroborate the issue and advise upgrad...
CVE-2025-24854
CVE-2025-24854 affects Apache JSPWiki’s Image plugin. A crafted request triggers a cross-site scripting (XSS) vulnerability that could allow JavaScript execution in the victim’s browser and potentially expose sensitive information. Affected component: JSPWiki Image plugin (version prior to 2.12.3...
CVE-2025-24853
CVE-2025-24853 affects Apache JSPWiki. The issue is a Cross-Site Scripting (XSS) vulnerability in header link processing, caused by unsafely handling header links created via wiki markup (and, per later research, the markdown parser). When exploited, an attacker could cause JavaScript execution i...