Lucene search
K

13 matches found

CVE
CVE
added 2022/02/25 8:30 a.m.126 views

CVE-2022-24948

CVE-2022-24948 affects Apache JSPWiki. The vulnerability is a cross-site scripting (XSS) issue in the user preferences screen, allowing an attacker to execute JavaScript in a victim’s browser and potentially read sensitive information. The issue affects JSPWiki versions prior to 2.11.2; mitigatio...

6.1CVSS6AI score0.02217EPSS
CVE
CVE
added 2022/02/25 8:30 a.m.122 views

CVE-2022-24947

CVE-2022-24947 affects Apache JSPWiki (versions prior to 2.11.2) via a CSRF vulnerability in the user preferences form, which can lead to account takeover. The issue is confirmed across multiple sources in the connected documents, and remediation is to upgrade to 2.11.2 or later. No exploit detai...

8.8CVSS8.7AI score0.01142EPSS
CVE
CVE
added 2022/08/04 6:15 a.m.98 views

CVE-2022-28730

CVE-2022-28730 describes an XSS in Apache JSPWiki triggered by a crafted request on AJAXPreview.jsp, enabling execution of arbitrary JavaScript in the victim’s browser and exposure of sensitive information. The issue builds on CVE-2021-40369, where the Denounce plugin incorrectly renders user-sup...

6.1CVSS6AI score0.85291EPSS
CVE
CVE
added 2021/11/24 11:15 a.m.95 views

CVE-2021-44140

CVE-2021-44140 affects Apache JSPWiki. A remote attacker can delete arbitrary files on a system hosting JSPWiki by sending a crafted HTTP request during logout, if those files are reachable by the user running JSPWiki. Affected software versions include up to 2.11.0.M8, with a recommended fix: up...

9.1CVSS9.2AI score0.06158EPSS
CVE
CVE
added 2022/08/04 6:16 a.m.90 views

CVE-2022-34158

CVE-2022-34158 affects Apache JSPWiki prior to 2.11.3, where a crafted invocation on the Image plugin can trigger a CSRF vulnerability. This could allow group privilege escalation of the attacker’s account and, per the description, could also be used to modify the attacked account’s email and the...

8.8CVSS8.9AI score0.01072EPSS
CVE
CVE
added 2022/08/04 6:15 a.m.89 views

CVE-2022-28731

CVE-2022-28731 describes a CSRF vulnerability in Apache JSPWiki (pre-2.11.3) triggered by a crafted request to UserPreferences.jsp . An attacker could modify the email on the targeted account and then initiate a password-reset from the login page. The severity is noted with a base score of 6.5 (M...

6.5CVSS6.4AI score0.81896EPSS
CVE
CVE
added 2021/11/24 11:15 a.m.88 views

CVE-2021-40369

Apache JSPWiki is affected by an XSS vulnerability linked to CVE-2021-40369 via the Denounce plugin rendering user-supplied URLs in AJAXPreview.jsp. Exploitation could allow javascript execution in a victim’s browser and exposure of sensitive data. Remediation per connected sources is upgrade to ...

6.1CVSS5.9AI score0.03311EPSS
CVE
CVE
added 2022/08/04 6:15 a.m.88 views

CVE-2022-27166

Apache JSPWiki is affected by a cross-site scripting vulnerability triggered by a crafted request to XHRHtml2Markup.jsp, impacting versions up to 2.11.2. The issue enables execution of JavaScript in a victim’s browser and potential information disclosure. A fix is available in version 2.11.3 and ...

6.1CVSS6AI score0.85291EPSS
CVE
CVE
added 2022/08/04 6:15 a.m.83 views

CVE-2022-28732

Apache JSPWiki 2.x is affected by a cross-site scripting (XSS) vulnerability triggered by a crafted request on WeblogPlugin (and related vectors like XHRHtml2Markup.jsp) that could allow an attacker to execute JavaScript in a victim’s browser and access sensitive information. The CVE-2022-28732 e...

6.1CVSS5.9AI score0.81896EPSS
CVE
CVE
added 2023/05/25 6:58 a.m.80 views

CVE-2022-46907

CVE-2022-46907 describes a cross-site scripting (XSS) vulnerability in Apache JSPWiki plugins. The issue stems from crafted requests that can trigger XSS in several JSPWiki plugins, allowing an attacker to execute JavaScript in a victim’s browser and access sensitive information. Affected softwar...

6.1CVSS6AI score0.01162EPSS
CVE
CVE
added 2024/06/24 7:44 a.m.66 views

CVE-2024-27136

XSS vulnerability in Apache JSPWiki 2.12.1 and earlier on the Upload page allows an attacker to execute JavaScript in the victim’s browser and potentially access sensitive information. Multiple trusted sources (e.g., NVD, Red Hat, CNVD, OSV, VERACODE, GHSA) corroborate the issue and advise upgrad...

6.1CVSS6AI score0.5943EPSS
CVE
CVE
added 2025/07/31 8:43 a.m.29 views

CVE-2025-24854

CVE-2025-24854 affects Apache JSPWiki’s Image plugin. A crafted request triggers a cross-site scripting (XSS) vulnerability that could allow JavaScript execution in the victim’s browser and potentially expose sensitive information. Affected component: JSPWiki Image plugin (version prior to 2.12.3...

6.1CVSS5.7AI score0.00447EPSS
CVE
CVE
added 2025/07/31 8:42 a.m.27 views

CVE-2025-24853

CVE-2025-24853 affects Apache JSPWiki. The issue is a Cross-Site Scripting (XSS) vulnerability in header link processing, caused by unsafely handling header links created via wiki markup (and, per later research, the markdown parser). When exploited, an attacker could cause JavaScript execution i...

7.5CVSS6.3AI score0.00525EPSS