Apache JSPWiki is vulnerable to cross-site request forgery. A lack of secure password management to validate password change flow causes a vulnerability in user preferences form, allowing an attacker to trigger CSRF attacks which may lead to account takeover.
CPE | Name | Operator | Version |
---|---|---|---|
apache jspwiki main jar | le | 2.11.1 | |
apache jspwiki main jar | le | 2.11.1 |