13 matches found
CVE-2022-24948
CVE-2022-24948 affects Apache JSPWiki. The vulnerability is a cross-site scripting (XSS) issue in the user preferences screen, allowing an attacker to execute JavaScript in a victim’s browser and potentially read sensitive information. The issue affects JSPWiki versions prior to 2.11.2; mitigatio...
CVE-2022-24947
CVE-2022-24947 affects Apache JSPWiki (versions prior to 2.11.2) via a CSRF vulnerability in the user preferences form, which can lead to account takeover. The issue is confirmed across multiple sources in the connected documents, and remediation is to upgrade to 2.11.2 or later. No exploit detai...
CVE-2022-28730
CVE-2022-28730 describes an XSS in Apache JSPWiki triggered by a crafted request on AJAXPreview.jsp, enabling execution of arbitrary JavaScript in the victim’s browser and exposure of sensitive information. The issue builds on CVE-2021-40369, where the Denounce plugin incorrectly renders user-sup...
CVE-2021-44140
CVE-2021-44140 affects Apache JSPWiki. A remote attacker can delete arbitrary files on a system hosting JSPWiki by sending a crafted HTTP request during logout, if those files are reachable by the user running JSPWiki. Affected software versions include up to 2.11.0.M8, with a recommended fix: up...
CVE-2022-34158
CVE-2022-34158 affects Apache JSPWiki prior to 2.11.3, where a crafted invocation on the Image plugin can trigger a CSRF vulnerability. This could allow group privilege escalation of the attacker’s account and, per the description, could also be used to modify the attacked account’s email and the...
CVE-2022-28731
CVE-2022-28731 describes a CSRF vulnerability in Apache JSPWiki (pre-2.11.3) triggered by a crafted request to UserPreferences.jsp . An attacker could modify the email on the targeted account and then initiate a password-reset from the login page. The severity is noted with a base score of 6.5 (M...
CVE-2021-40369
Apache JSPWiki is affected by an XSS vulnerability linked to CVE-2021-40369 via the Denounce plugin rendering user-supplied URLs in AJAXPreview.jsp. Exploitation could allow javascript execution in a victim’s browser and exposure of sensitive data. Remediation per connected sources is upgrade to ...
CVE-2022-27166
Apache JSPWiki is affected by a cross-site scripting vulnerability triggered by a crafted request to XHRHtml2Markup.jsp, impacting versions up to 2.11.2. The issue enables execution of JavaScript in a victim’s browser and potential information disclosure. A fix is available in version 2.11.3 and ...
CVE-2022-28732
Apache JSPWiki 2.x is affected by a cross-site scripting (XSS) vulnerability triggered by a crafted request on WeblogPlugin (and related vectors like XHRHtml2Markup.jsp) that could allow an attacker to execute JavaScript in a victim’s browser and access sensitive information. The CVE-2022-28732 e...
CVE-2022-46907
CVE-2022-46907 describes a cross-site scripting (XSS) vulnerability in Apache JSPWiki plugins. The issue stems from crafted requests that can trigger XSS in several JSPWiki plugins, allowing an attacker to execute JavaScript in a victim’s browser and access sensitive information. Affected softwar...
CVE-2024-27136
XSS vulnerability in Apache JSPWiki 2.12.1 and earlier on the Upload page allows an attacker to execute JavaScript in the victim’s browser and potentially access sensitive information. Multiple trusted sources (e.g., NVD, Red Hat, CNVD, OSV, VERACODE, GHSA) corroborate the issue and advise upgrad...
CVE-2025-24854
CVE-2025-24854 affects Apache JSPWiki’s Image plugin. A crafted request triggers a cross-site scripting (XSS) vulnerability that could allow JavaScript execution in the victim’s browser and potentially expose sensitive information. Affected component: JSPWiki Image plugin (version prior to 2.12.3...
CVE-2025-24853
CVE-2025-24853 affects Apache JSPWiki. The issue is a Cross-Site Scripting (XSS) vulnerability in header link processing, caused by unsafely handling header links created via wiki markup (and, per later research, the markdown parser). When exploited, an attacker could cause JavaScript execution i...